Comment 2 for bug 91931
Revision history for this message
| Daniel Schierbeck (dasch) wrote Re: [Bug 91931] Re: Should support showing signatures | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
4d1350f
(Get the code!)
On Fri, 2008-05-02 at 06:41 +0000, James Henstridge wrote:
> The signature code in revisionview.py seems to be missing a particularly
> important feature: checking whether the signed revision testament
> matches the actual revision.
>
> Without doing that I can tamper with a branch while leaving the
> signatures as is, and bzr-gtk will pretend that the revision is okay.
Yes, that is a very real and important concern. I'll have a look at it
as soon as possible, but I won't be home until Monday. Is there an easy
way to generate a testament for a revision, so that it can be compared
to the signed one?
Cheers,
Daniel