Re: [task #4633] GPG-Signed Commits

From: Derek Price
Subject: Re: [task #4633] GPG-Signed Commits
Date: Tue, 04 Oct 2005 14:19:41 -0400
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

Mark D. Baushke wrote:

> >Hrm.  Perhaps the best solution would still be just to use the
> >commitid?  If we ever find a system where both time() and /dev/urandom
> >are broken, then we can worry about using a counter as described above
> >as a fallback?
> I would actually suggest that if time() is broken on the server, that
> using gpg should just be disabled as it will never be possible to
> validate a signature in that case.

It would not be possible for the server to validate the signature, but a
client still could.  In the implementation we've been discussing, the
server need not be configured to validate signatures.

Of course, a server that can't put timestamps in the CVS archives is
arguably broken anyhow and perhaps not a reasonable porting target?  Of
course, such a server might still work otherwise.  I haven't heard of
anybody doing this but that doesn't mean it isn't being done.  Again,
though, I think this case may almost certainly be safely ignored until
we see bug reports about it.

Summary of my current conclusion: Stick with commitid as currently
implemented for use as the sequence identifier with signed-commits: NOW
+ 8 RANDOM BYTES, converted to base 62.


Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125
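
The identifier format from the summary above (current time plus 8 random bytes, converted to base 62), as an added example that is not part of the original message and is not CVS's own code. The byte layout, the fixed 22-character width, the digit order and the `seqid_*` names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define RAW_LEN 16 /* assumed layout: 8-byte big-endian time, then 8 random bytes */
#define ID_LEN 22  /* 62^22 > 2^128, so 22 digits always suffice */
static const char B62[] = /* assumed digit order (ASCII order, so ids sort by time) */
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Encode time + random bytes as a fixed-width base-62 string. */
void seqid_encode(uint64_t now, const unsigned char rnd[8], char out[ID_LEN + 1]) {
    unsigned char raw[RAW_LEN];
    for (int i = 0; i < 8; i++) raw[i] = (unsigned char)(now >> (56 - 8 * i));
    memcpy(raw + 8, rnd, 8);
    for (int d = ID_LEN - 1; d >= 0; d--) { /* long division of raw by 62 */
        unsigned rem = 0;
        for (int i = 0; i < RAW_LEN; i++) {
            unsigned cur = rem * 256 + raw[i];
            raw[i] = (unsigned char)(cur / 62);
            rem = cur % 62;
        }
        out[d] = B62[rem]; /* remainder is the next least significant digit */
    }
    out[ID_LEN] = '\0';
}

/* Draw a fresh id. Returns -1 when time() or /dev/urandom is broken, so the
 * caller decides what to do; no weaker fallback is silently substituted. */
int seqid_new(char out[ID_LEN + 1]) {
    unsigned char rnd[8];
    time_t t = time(NULL);
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = f ? fread(rnd, 1, sizeof rnd, f) : 0;
    if (f) fclose(f);
    if (t == (time_t)-1 || n != sizeof rnd) return -1;
    seqid_encode((uint64_t)t, rnd, out);
    return 0;
}

int main(void) {
    char id[ID_LEN + 1];
    if (seqid_new(id) != 0) {
        fputs("no usable time or entropy source\n", stderr);
        return 1;
    }
    puts(id);
    return 0;
}
```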
