[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: |
Florian Weimer |
Subject: |
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: |
Sun, 7 Dec 2003 23:05:25 +0100 |
User-agent: |
Mutt/1.5.4i |
Tom Lord wrote:
> The advantage of doing this as the first step is that it won't
> be necessary to implement signature support twice (once for
> local file system archives, again for everything else).
I don't think signature verification should be done at the file system
interface.
> 2) Add a ßigned-archive" property to archives
This has to be set during archive registration. You also have to
specify the fingerprint of the accepted keys.
> 3) Modify arch_pfs_connect to collect a passphrase
This is not necessary, gpg-agent will take care of this (unless you want
something working tomorrow).
> 4) Modify arch_pfs_put_file to optionally sign files
>
> If arch_pfs_put_file is asked to store a file in an archive
> with "signed-archive" set, it should work by storing the file
> locally (in a tmp dir), invoking gpg --detatch-sign to sign
> the file (using --passphrase-fd to pass the passphrase) and then
> store both files.
I'm not sure if this is really, really sufficient.
> 5) Write a shell script to check the signatures in an archive.
Clearly not sufficient. 8-)
Features which are required as well (IMHO):
* SHA-1 hashes in changesets (both before and after patching)
* "exact" application of changesets (hashes must match), especially
if a pristine tree is constructed
* archive name and changeset revision have to be covered by the
signature
* signed changeset support for mkpatch/dopatch
* maybe something more elaborate for registering trusted developers
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, (continued)
- crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/07
- Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Robert Collins, 2003/12/07
- Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/07
- Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/07
- Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Robert Collins, 2003/12/07
- Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Karel Gardas, 2003/12/08
- Re: crypto signatures for arch/another proposal [was: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch], Paul Hedderly, 2003/12/09
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch,
Florian Weimer <=
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/13