Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: Robert Collins
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Mon, 08 Dec 2003 09:55:28 +1100
On Mon, 2003-12-08 at 09:05, Florian Weimer wrote:
> > 2) Add a "signed-archive" property to archives
>
> This has to be set during archive registration. You also have to
> specify the fingerprint of the accepted keys.
Nope. The archive needs to indicate if it's a signed one or not, rather
than a per-committer flag, otherwise multi-user archives, such as
savannah will likely end up hosting, will allow some users to sign and
some not to. As for accepted-keys, yes that needs to be local metadata
of some form, but for now, Tom has indicated he prefers a command line
flag.
> > 4) Modify arch_pfs_put_file to optionally sign files
> >
> > If arch_pfs_put_file is asked to store a file in an archive
> > with "signed-archive" set, it should work by storing the file
> > locally (in a tmp dir), invoking gpg --detach-sign to sign
> > the file (using --passphrase-fd to pass the passphrase) and then
> > store both files.
>
> I'm not sure if this is really, really sufficient.
It seems sane from a remote point of view. If a secure mktemp is used...
what needs to be changed?
> > 5) Write a shell script to check the signatures in an archive.
>
> Clearly not sufficient. 8-)
>
> Features which are required as well (IMHO):
>
> * SHA-1 hashes in changesets (both before and after patching)
A nicety but mostly irrelevant with signatures.
> * "exact" application of changesets (hashes must match), especially
> if a pristine tree is constructed
I'd put this in phase 2.
> * archive name and changeset revision have to be covered by the
> signature
The archive name and changeset are in the log which is signed.
> * signed changeset support for mkpatch/dopatch
For mkpatch, just sign after you tar it up. For dopatch, I think this
isn't appropriate, as dopatch operates on unpacked changesets.
> * maybe something more elaborate for registering trusted developers
Completely out of scope for tla.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
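
One way the checking script from item 5 could look, combined with the accepted-key fingerprints discussed above. This is an added example, not part of the original message and not tla code; the `.sig` suffix, the flat directory layout, the accepted-fingerprints file and all function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not tla code). Assumptions: each archive file FILE has a
# detached signature FILE.sig beside it; accepted keys are listed one
# primary-key fingerprint per line in a local file.

# Read `gpg --status-fd` output on stdin; print the primary-key fingerprint
# only for a good signature whose key is neither expired nor revoked.
sig_fingerprint() {
    awk '$1 != "[GNUPG:]" { next }
         $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
         $2 == "GOODSIG"  { good = 1 }
         $2 == "VALIDSIG" { fpr = $NF }   # last field: primary key fingerprint
         END { ok = (good && !bad && fpr != ""); if (ok) print fpr; exit !ok }'
}

# fingerprint_accepted FPR ACCEPTED_FILE: whole-line, case-insensitive match.
fingerprint_accepted() {
    [ -n "$1" ] && grep -qixF -- "$1" "$2"
}

# check_status ACCEPTED_FILE: status output on stdin; succeeds only for a
# valid signature made by an accepted key.
check_status() {
    cs_fpr=$(sig_fingerprint) || return 1
    fingerprint_accepted "$cs_fpr" "$1"
}

# verify_archive DIR ACCEPTED_FILE: in a signed archive every file must carry
# a signature, so a missing .sig is a failure, not a skip. Non-recursive.
verify_archive() {
    va_rc=0
    for va_f in "$1"/*; do
        [ -f "$va_f" ] || continue
        case $va_f in *.sig) continue ;; esac
        if [ ! -f "$va_f.sig" ]; then
            echo "UNSIGNED $va_f"; va_rc=1; continue
        fi
        if ! gpg --batch --status-fd 1 --verify "$va_f.sig" "$va_f" 2>/dev/null \
                | check_status "$2"; then
            echo "REJECTED $va_f"; va_rc=1
        fi
    done
    return $va_rc
}

# Usage: verify_archive /path/to/archive/revision accepted-fingerprints.txt
```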