monotone-devel

Re: [Monotone-devel] Re: Using monotone in a team


From: Nathaniel Smith
Subject: Re: [Monotone-devel] Re: Using monotone in a team
Date: Wed, 29 Nov 2006 23:19:06 -0800
User-agent: Mutt/1.5.13 (2006-08-11)

On Thu, Nov 30, 2006 at 12:24:27AM -0600, Timothy Brownawell wrote:
> On Thu, 2006-11-30 at 17:06 +1100, Brian May wrote:
> > What happens if a trusted developer's key becomes compromised
> > (e.g. laptop stolen) or the developer becomes untrustworthy
> > (e.g. fired)?
> > 
> > Can you somehow say that old signatures are still valid, but new ones
> > aren't?
> 
> Define "new" (monotone has no concept of time).
> 
> The only way we really have is to take some other key (quite possibly
> specially generated for this, and then never used again), and reproduce
> all the certs that you do want to trust. (Well, you *could* give the
> trust hooks a list of all the known-good certs, but that gets really
> ridiculous really fast.)

The other way I know of is that when you revoke a key, you write down
a list of all the certs you want to continue trusting.  (Similarly to
how when you grant trust to a key, you may want to write down a list
of all the old certs that you don't want to start trusting.)  So trust
rules take the form of a default trust/don't trust setting, plus an
explicit list of exceptions.

-- Nathaniel

-- 
"But suppose I am not willing to claim that.  For in fact pianos
are heavy, and very few persons can carry a piano all by themselves."
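
A model of the rule described in the message above, added here as an example; it is not part of the original message and not monotone's own code. Each key carries a default trust setting plus an explicit list of exception certs. The `Cert` and `KeyRule` names, the key names and the revision ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    """One signed statement: (revision, name, value) signed by one key."""
    revision: str
    name: str
    value: str
    signer: str

@dataclass
class KeyRule:
    """Default trust setting for a key plus the certs where it is inverted."""
    trust_by_default: bool
    exceptions: frozenset = field(default_factory=frozenset)

    def trusts(self, cert):
        # An exception flips the default; everything else follows it.
        return self.trust_by_default != (cert in self.exceptions)

def cert_trusted(rules, cert):
    """Keys with no rule at all are never trusted."""
    rule = rules.get(cert.signer)
    return rule is not None and rule.trusts(cert)

def statement_trusted(rules, certs):
    """certs: all signatures on one (revision, name, value) statement."""
    return any(cert_trusted(rules, c) for c in certs)

# Constructed sample data (hypothetical keys and revision ids).
ALICE, BOB = "alice@example.com", "bob@example.com"
OLD_GOOD = Cert("rev-a1", "branch", "proj.main", ALICE)  # signed before the theft
OLD_BAD = Cert("rev-b1", "branch", "proj.main", BOB)     # signed before Bob was vetted

RULES = {
    # Revoked key: distrust by default, keep the enumerated old certs.
    ALICE: KeyRule(False, frozenset({OLD_GOOD})),
    # Newly granted key: trust by default, except enumerated old certs.
    BOB: KeyRule(True, frozenset({OLD_BAD})),
}

if __name__ == "__main__":
    for c in (OLD_GOOD, Cert("rev-a2", "branch", "proj.main", ALICE), OLD_BAD):
        print(c.signer, c.revision, cert_trusted(RULES, c))
```

Because the exceptions are whole certs rather than a cutoff date, a cert made with the stolen key on an already-trusted revision but with a different value is still rejected.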



