gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch

From: Karel Gardas
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Mon, 8 Dec 2003 09:13:10 +0100 (CET) 
On Tue, 9 Dec 2003, Robert Collins wrote:

> > > Trivial case: The public mirror is to be all signed by the 'authorised
> > > uploader', not the individual contributors.
> >
> > This might be the case, but it apply only to multi-developer archives and
> > is not IMHO showstopper => doesn't need to be addressed in your
> > "immediate" solution.
>
> Well, we don't know the use cases that will be used. the immediate
> solution needs to DTRT for any remote archive, for changeset uploads.
> And, there is little extra complexity here AFAICT.

By added complexity I mean resigning of changesets.

> > > Alternatively, we could have a gpg-options="--sign-key=rbtcollins
> > > --sign-mech=x509" tla command, which is then passed through to gpg.
> >
> > Do not forget, that for example BSD community will at least like to use
> > non-gpl solution here: i.e. pgp, openssl. -- which IMHO should also be
> > supported.
>
> well pgp isn't even opensource, so I don't see that making the bsd
> community happy. And openssl is a transport, not relevant here (AFAIK).

Hmm, from various bsd mailing lists, I've got an impression that they are
friends of pgp... (but I can be mistaken)

w.r.t. openssl, I'm afraid you are not right, it is also suitable for
signing. Please try "openssl x509 help" on your system.

Cheers,

Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]