[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: |
Robert Collins |
Subject: |
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: |
Mon, 08 Dec 2003 06:37:20 +1100 |
On Mon, 2003-12-08 at 06:13, Tom Lord wrote:
>
> 3) Modify arch_pfs_connect to collect a passphrase
>
> It's a bit icky to keep the passphrase in tla's memory but I think
> it's more reasonable in this case than the alternatives.
>
> In libarch/pfs.c(arch_pfs_connect), after connecting, look for
> the "signed-archive" file. If present, prompt the user for
> a passphrase and record it.
Are you about this? GPG goes to some lengths to ensure that in-memory
passphrases aren't swapped out, so as to prevent presence in cores etc.
There are passphrase daemons around that can provide passphrases
automatically (see q-agent).
> 7) treat the passphrase "copy" specially.
This feels wrong.
I think a better way to indicate copying of signatures is via an
explicit parameter, not via a magic passphrase.
There is another thing to note: you haven't provided anywhere to declare
which gpg uid / key to sign with. It's not uncommon for folk to have
more than one signing identity.
Now, in a multi user archive, there may be different folk committing
with their own keys. So, an archive-specific metadata to select the
committing key won't support multiple committers. Therefore we can
either have some local metadata associated with the location, or we can
use a parameter to commit (and/or a field in the user edited log file).
I suggest --gpg-key=<string> to commit, and have no field name to
suggest at this point.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
- [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch,
Robert Collins <=
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Charles Duffy, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08