
Re: [Arx-users] Signature command set


From: Walter Landry
Subject: Re: [Arx-users] Signature command set
Date: Fri, 10 Dec 2004 08:45:47 -0500 (EST)

Kevin Smith <address@hidden> wrote:
> On Thu, 2004-12-09 at 21:12 -0500, Walter Landry wrote:
> > Kevin Smith <address@hidden> wrote:
> > > * [IS THIS TRUE?] When a patch is pulled from a signed archive, all
> > > signatures associated with that patch will also be pulled. Thus, a patch
> > > may be signed by multiple keys. 
> > 
> > No, a patch may be signed by only one key.
> 
> So when I pull your patch into my archive, it remains signed by you, but
> the resulting revision is signed by me?

I am not quite sure what you mean by "pull your patch".  If you
mirror my archive, then my signatures will go along with it.  If you
apply my patch to your tree and commit, my signature is no longer there.

> > Also, you can sign a revision even if the archive does not have your
> > public key.
> 
> This confuses me. I don't even know where to begin. Revision signatures
> are only stored in an archive, right? (As opposed to popping out a
> detached sig file that the user would save elsewhere).

Correct.

> What does it mean for the archive to have or not have a public key if it
> doesn't control what can be signed?

It means that someone who downloads that particular revision will get
a big, fat "signature failed".  So the archive is, in a sense,
inconsistent.  I could put in a check to make sure that you are
signing with a key listed in the archive.  But I don't think that it
is possible to eliminate all problems.  For example, deleting a key
instantly makes any revisions signed by that key invalid.

<snip>

> > > It might be helpful to document the "single-user" case separately from
> > > the case where multiple developers have write access. It seems to me
> > > that a fair bit of complexity comes in the multi-user scenario, and as a
> > > single-user user, I would like to know what I can ignore. I think
> > > distributed RCS's shine in single-user mode, and it's almost always the
> > > way I work, so it tends to be where I focus.
> > 
> > I am not quite sure what you mean by single-user.  For a person
> > working alone, they can completely ignore signatures.  Checksums are a
> > little interesting, but can usually be ignored.
> 
> By "single user", I mean that only one person has write access to an
> archive. All group work is managed by pulling patches from other
> readable archives, or emailing patches around.

Ah.  In that case, you still need all of the "sig" functionality,
because keys can expire or become compromised.

> That seems like quite a different situation than if multiple
> developers can all write directly into the same physical archive. Or
> does ArX not even support the latter model? Several of the features
> seemed oriented toward that approach.
> 
> I'm trying to understand why there would ever be multiple keys in an
> archive. If it's my archive, and I'm vouching for it (as you have said),
> then wouldn't my key be the only key?

ArX does support having multiple writers to a single archive.  You
have to be careful with umask, but otherwise it should work fine.

Walter
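
The behaviour described in this message, as an added example that is not part of the original email and is not ArX code: a revision signed with a key the archive does not list fails verification for a downloader, an optional check at commit time prevents that, and deleting a listed key invalidates every revision it signed. The `archive` and `revision` types, the key names and the `strict` flag are assumptions made for illustration, and Ed25519 from Go's standard library stands in for whatever signature scheme the archive uses.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Toy model, not ArX's format: an archive lists public keys and stores signed revisions.
type revision struct {
	keyID     string
	data, sig []byte
}
type archive struct {
	keys map[string]ed25519.PublicKey
	revs map[string]revision
}

// commit signs data; strict adds the check proposed in the thread: refuse keys the archive does not list.
func (a *archive) commit(name, keyID string, priv ed25519.PrivateKey, data []byte, strict bool) error {
	if _, listed := a.keys[keyID]; strict && !listed {
		return fmt.Errorf("%s: key %s is not listed in the archive", name, keyID)
	}
	a.revs[name] = revision{keyID, data, ed25519.Sign(priv, data)}
	return nil
}

// verify is what a downloader runs: only keys listed in the archive count.
func (a *archive) verify(name string) bool {
	r, ok := a.revs[name]
	pub, listed := a.keys[r.keyID]
	return ok && listed && ed25519.Verify(pub, r.data, r.sig)
}

// demo returns the verification results for the cases discussed in the thread.
func demo() (listedOK, unlistedOK, strictRefused, afterDelete bool) {
	pubA, privA, _ := ed25519.GenerateKey(nil) // constructed keys
	_, privB, _ := ed25519.GenerateKey(nil)
	a := &archive{map[string]ed25519.PublicKey{"key-A": pubA}, map[string]revision{}}
	a.commit("patch-1", "key-A", privA, []byte("rev 1"), false)
	a.commit("patch-2", "key-B", privB, []byte("rev 2"), false) // allowed, but unverifiable
	listedOK, unlistedOK = a.verify("patch-1"), a.verify("patch-2")
	strictRefused = a.commit("patch-3", "key-B", privB, []byte("rev 3"), true) != nil
	delete(a.keys, "key-A") // deleting a key invalidates everything it signed
	return listedOK, unlistedOK, strictRefused, a.verify("patch-1")
}

func main() {
	fmt.Println(demo()) // true false true false
}
```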



