Anyone can add GPG keys to a git-chat space, including untrusted keys.
If someone added a public key to a git-chat space for a third party that
isn't trusted, that third party might be able to read messages
(git-chat-message includes all recipients by default).
Regularly checking to see if new keys were added, and looking through
them carefully, before writing each message can be annoying. Even more
annoying is typing a (trusted) list of recipients at the command line
whenever you write a message.
Under this revision, add support for reading from a .trusted-keys file to
filter message recipients. Users can add fingerprints that they trust
to this file, and only those keys will be used when composing messages.
The documentation was updated to reflect this. Various minor
improvements were made as well.
Anyone can add GPG keys to a git-chat space, including untrusted keys. If someone added a public key to a git-chat space for a third party that isn't trusted, that third party might be able to read messages (git-chat-message includes all recipients by default).
Regularly checking to see if new keys were added, and looking through them carefully, before writing each message can be annoying. Even more annoying is typing a (trusted) list of recipients at the command line whenever you write a message.
Under this revision, add support for reading from a .trusted-keys file to filter message recipients. Users can add fingerprints that they trust to this file, and only those keys will be used when composing messages.
The documentation was updated to reflect this. Various minor improvements were made as well.