[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-user
|
From: |
Robert Collins |
|
Subject: |
Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch] |
|
Date: |
Mon, 08 Dec 2003 08:54:14 +1100 |
On Mon, 2003-12-08 at 08:49, Karel Gardas wrote:
> On Mon, 8 Dec 2003, Robert Collins wrote:
>
> > You basically replicate Tom's proposal, with a few key changes:
> > 1) metadata per archive registration, not per archive.
> > 2) the use of x509
> > 3) keeping tla out of the TCB.
> > 4) minor logic about whether to dumb-copy signatures or to optionally
> > resign.
>
> Have you noticed hook proposal? i.e. what do you think about doing whole
> crypto in hook script(s)?
Yes, but it's got problems.
1) we'd have to use new hooks. Currently hooks around commit occur after
the changeset is uploaded (race condition on signing) or before the
changeset is created.
2) It doesn't allow for consistent operation on multi-user archives.
Basically, I think this is something well worth doing in tla.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/07
Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Paul Hedderly, 2003/12/09
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Florian Weimer, 2003/12/07
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/13