by rojoroboto 2983 days ago
Yes. In the current form, if someone gets the project owner config file they could continue to check in indefinitely.

I've been toying with the idea of optionally encrypting the owner config with a passphrase to mitigate this. It would even be possible to have a secondary "duress password" that pretends to decrypt the config, but publishes instead.

1 comments

But it should give the attacker confirmation that all is ok and somehow the attacker can't know that it was published?