[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Commits signed by key not registered on Savannah
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Commits signed by key not registered on Savannah |
|
Date: |
Sun, 12 Feb 2017 14:43:31 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hi!
The idea that I had while trying to see how to map TUF to Git¹ was to
store keys in the Git repo we’re authenticating. We’d store a list of
“authorized keys” for each “role” that we define. One of the roles
would be “update the authorized committer keys”, for instance.
Thus, to authenticate a Git commit, we’d have to check whether it was
made by a committer whose key was marked as authorized in the previous
commit.
I’d like to toy with this idea and see whether it’s hard to implement
and how well that would perform.
Thoughts?
Ludo’.
¹ https://bugs.gnu.org/22883
- Commits signed by key not registered on Savannah, Mark H Weaver, 2017/02/11
- Re: Commits signed by key not registered on Savannah, David Craven, 2017/02/11
- Re: Commits signed by key not registered on Savannah, Ludovic Courtès, 2017/02/11
- Re: Commits signed by key not registered on Savannah, Mark H Weaver, 2017/02/11
- Re: Commits signed by key not registered on Savannah, Mark H Weaver, 2017/02/11
- Re: Commits signed by key not registered on Savannah, David Craven, 2017/02/11
- Re: Commits signed by key not registered on Savannah, ng0, 2017/02/12
- Re: Commits signed by key not registered on Savannah, David Craven, 2017/02/12
- Re: Commits signed by key not registered on Savannah,
Ludovic Courtès <=
- Re: Commits signed by key not registered on Savannah, Mark H Weaver, 2017/02/12
- Re: Commits signed by key not registered on Savannah, Leo Famulari, 2017/02/12