I think you have a good point that the web server should never have access to the users private key. The only thing that worries me is module creators would have to learn to create the key pair, submit the public key, and defend the private key. I suppose though that SourceForge.net manages the task well enough with SSH setups.
Thanks
__________________
My Journal
Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
|