[Kde-scm-interest] accountability
Jeff Mitchell
mitchell at kde.org
Fri Nov 13 17:06:49 CET 2009
Ian Monroe wrote:
> Which is why I like my simple flat-file log idea (a log of commit
> hash, user id, maybe time). It doesn't open up any privacy issues
> (since the info is already public) and would solve the problem by
> using the commit hash, which is a nice security feature of git.
You still have an issue in that the user id is internal to Gitorious and
is meaningless without also providing further information, like email
address, name, public ssh key, or some such thing.
All of those could be seen as potential privacy issues; for instance,
you might think the email address would be obvious, but what if a person
is committing under a different email address than what they've given to
Gitorious?
--Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
Url : http://mail.kde.org/pipermail/kde-scm-interest/attachments/20091113/9185db2c/attachment.sig
More information about the Kde-scm-interest
mailing list