The signature code in revisionview.py seems to be missing a particularly important feature: checking whether the signed revision testament matches the actual revision.
Without doing that I can tamper with a branch while leaving the signatures as is, and bzr-gtk will pretend that the revision is okay.