[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [task #4633] GPG-Signed Commits

From: Derek Price
Subject: Re: [task #4633] GPG-Signed Commits
Date: Tue, 20 Sep 2005 16:01:39 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Todd Denniston wrote:

>What about instead of, or in addition to, what you are suggesting for
>expired/revoked signatures, the sig ring should keep data on when keys
>expired (already there correct?) or got revoked and thus CVS should flag new
>sigs with those keys after the expire/revocation to notify the users, but
>the old sigs should still be good/acceptable. Or have I just slipped of my

I'm not sure what you mean.  The `cvs verify' command, and the automatic
verification that can be performed on checkout, will notice any expired
or revoked keys as invalid signatures.  This will be flagged as an error
if there are not other, valid, signatures attached to the revision.

Did you have something else in mind?



Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125

reply via email to

[Prev in Thread] Current Thread [Next in Thread]