[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: |
Robert Collins |
Subject: |
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: |
Tue, 09 Dec 2003 06:05:43 +1100 |
On Mon, 2003-12-08 at 18:48, Karel Gardas wrote:
> > Yes.
> > Trivial case: uploading from an unsigned mirror to a signed public
> > mirror.
>
> This might be changed to script signing whole mirror + push-mirror of
> signed archive.
It could, yes.
> > Trivial case: The public mirror is to be all signed by the 'authorised
> > uploader', not the individual contributors.
>
> This might be the case, but it apply only to multi-developer archives and
> is not IMHO showstopper => doesn't need to be addressed in your
> "immediate" solution.
Well, we don't know the use cases that will be used. the immediate
solution needs to DTRT for any remote archive, for changeset uploads.
And, there is little extra complexity here AFAICT.
> > > BTW: for x509 you will need to change --gpg-key to something else. What
> > > about to use: --sign-key=<string> --sign-mech=<mech>, where mech might be
> > > ``gpg'' or ``x509'' or others...
> >
> > Wouldn't it make sense to simply use x509 all the time ?
>
> I don't think so, since many people do not have their own x509
> certificate, but they seem to use OpenPGP.
>
> > Alternatively, we could have a gpg-options="--sign-key=rbtcollins
> > --sign-mech=x509" tla command, which is then passed through to gpg.
>
> Do not forget, that for example BSD community will at least like to use
> non-gpl solution here: i.e. pgp, openssl. -- which IMHO should also be
> supported.
well pgp isn't even opensource, so I don't see that making the bsd
community happy. And openssl is a transport, not relevant here (AFAIK).
So, we need either a generic parameter, or a couple of pass through
parameters for gpg etc behaviour, and a configurable command for the
gpg-like program to run.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, (continued)
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Andrew Suffield, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Andrew Suffield, 2003/12/08