
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch


From: Karel Gardas
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Mon, 8 Dec 2003 08:48:07 +0100 (CET)

On Mon, 8 Dec 2003, Robert Collins wrote:

> On Mon, 2003-12-08 at 08:42, Karel Gardas wrote:
> > > I suggest --gpg-key=<string> to commit, and have no field name to
> > > suggest at this point.
> >
> > Hmm, is this really worth the effort of added complexity to support
> > optional resigning instead of dump-copy of signatures?
>
> Yes.
> Trivial case: uploading from an unsigned mirror to a signed public
> mirror.

This might be changed to a script signing the whole mirror + push-mirror of
the signed archive.

> Trivial case: The public mirror is to be all signed by the 'authorised
> uploader', not the individual contributors.

This might be the case, but it applies only to multi-developer archives and
is not IMHO a showstopper => doesn't need to be addressed in your
"immediate" solution.

> > BTW: for x509 you will need to change --gpg-key to something else. What
> > about to use: --sign-key=<string> --sign-mech=<mech>, where mech might be
> > ``gpg'' or ``x509'' or others...
>
> Wouldn't it make sense to simply use x509 all the time ?

I don't think so, since many people do not have their own x509
certificate, but they seem to use OpenPGP.

> Alternatively, we could have a gpg-options="--sign-key=rbtcollins
> --sign-mech=x509" tla command, which is then passed through to gpg.

Do not forget that, for example, the BSD community will at least like to use
a non-GPL solution here, i.e. pgp, openssl, which IMHO should also be
supported.

Cheers,

Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com




