"Ronald G. Minnich" <rminnich@lanl.gov> writes:
> On Thu, 17 Mar 2005, Stefan Reinauer wrote:
> > It is enough to use ssh. THOUGH: It is highly recommended that you sign the commits so that the origin can be verified. (i.e. otherwise I could in theory fake a commit done by you)
> To make sure I understand: if I have a gpgkey, then the commit process will automagically ensure that it is signed, which is not the case for sshkey?
These issues are orthogonal.
The ssh key provides write access to the repository through sftp. By chance this is the easiest way to implement a shared archive.
The gpg key (which is mandatory on a signed arch archive like linuxbios@linuxbios.org--devel) allows people to check to see if it was really you who committed the change.
So you just need the ssh key to talk to Stefan's box at openbios.org.
Eric