[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Arx-users] Playing with sig command
|
From: |
Walter Landry |
|
Subject: |
Re: [Arx-users] Playing with sig command |
|
Date: |
Sun, 12 Dec 2004 00:21:56 -0500 (EST) |
Kevin Smith <address@hidden> wrote:
> Well, I added a key to my existing archive, and then tried to sign the
> archive contents. The key was added (it now shows up when I do an arx
> archives), but I can't tell whether I successfully signed this branch or
> not:
>
> address@hidden bash-complete $ arx sig --add address@hidden/arx
> address@hidden bash-complete $ arx sig address@hidden/arx
> address@hidden bash-complete $ arx sig address@hidden
> address@hidden bash-complete $ arx sig address@hidden/eifi
> address@hidden bash-complete $ arx browse
> address@hidden
> arx
> kevins
> 0 .. 1
>
> Did the --add work? Can't tell. Note that eifi is not a valid branch
> inside the archive. The sig verify should print success or failure. Oh,
> I just realized that the --add must not have worked, because it never
> asked me for my password :-( Ah. I should have said /arx.kevins.
This is, partly, yet another manifestation of ArX being silent when
you specify an incorrect branch. Yet another reason to fix it
(arx.2.1,153).
> Doh! That asks me for my password for EACH patch. It doesn't tell me how
> many patches I'm going to have to sign, and it doesn't even tell me
> which patch I am being prompted for. The doc needs to warn about that,
> and strongly suggest that you'll want to use a key agent if you're
> signing an existing archive.
Ok.
> Of course, since quintuple agent is installed but not yet working on my
> machine (for unknown reasons), I now have an invalid archive, where a
> key is specified, but only a couple patches are signed. Not good.
Hmm. Invalid is a bit strong. I can get those few revisions you
signed, and it will verify those signatures. In any case, you can't
prevent this from happening, even with an agent, because you can press
Ctrl-C in the middle.
> Also, you should be able to sign an entire archive, rather than just a
> branch. That's what you want to do when you have an existing archive.
Ask, and you shall receive (arx.2.1,148). This will also make the
first two commands you typed
> address@hidden bash-complete $ arx sig --add address@hidden/arx
> address@hidden bash-complete $ arx sig address@hidden/arx
work as expected.
> On a different note, it is still unclear to me why the option even
> exists to sign individual branches or patches. At a minimum, the manual
> should strongly discourage that. Ideally, it would be impossible (or at
> least difficult) to sign anything less than an entire archive, since
> doing so will cause the archive to be invalid.
>
> Ah. I guess it would be if a few patches were signed by a key that has
> recently been deleted. Seems like it would be better to handle that as
> part of the delete process, so things never become invalid. The act of
> deleting a key could automatically sign the now-orphaned items with a
> key you specify.
I think that will make things even more complicated.
> If signing individual patches really is a necessary feature, it should
> be shoved way in the back where normal folks won't get confused by it.
I think this is a documentation issue. Most people will never have to
use the sig command.
> Is wlandry signed?
No.
> As of the last time I registered it, it was not. Are you waiting for
> the feature to stabilize first?
Yes.
Walter