gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch

From: Karel Gardas
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Sun, 7 Dec 2003 22:42:19 +0100 (CET) 
On Mon, 8 Dec 2003, Robert Collins wrote:

> > 7) treat the passphrase "copy" specially.
>
> This feels wrong.
>
> I think a better way to indicate copying of signatures is via an
> explicit parameter, not via a magic passphrase.
>
> There is another thing to note: you haven't provided anywhere to declare
> which gpg uid / key to sign with. It's not uncommon for folk to have
> more than one signing identity.
>
> Now, in a multi user archive, there may be different folk committing
> with their own keys. So, an archive-specific metadata to select the
> committing key won't support multiple committers. Therefore we can
> either have some local metadata associated with the location, or we can
> use a parameter to commit (and/or a field in the user edited log file).
>
> I suggest --gpg-key=<string> to commit, and have no field name to
> suggest at this point.

Hmm, is this really worth the effort of added complexity to support
optional resigning instead of dump-copy of signatures?

BTW: for x509 you will need to change --gpg-key to something else. What
about to use: --sign-key=<string> --sign-mech=<mech>, where mech might be
``gpg'' or ``x509'' or others...

Cheers,

Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]