[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] crypto signing take 2
From: |
Robert Collins |
Subject: |
Re: [Gnu-arch-users] crypto signing take 2 |
Date: |
Sat, 13 Dec 2003 19:08:55 +1100 |
On Sat, 2003-12-13 at 18:33, Karel Gardas wrote:
> Sounds very good! But you seems to resemble my hook based signing
> proposal. :-))
Erm, yes ;).
Actually it's not as general as most hooks are.
> Anyway, big thanks for your work on Arch!
No worries... now for the next release:
address@hidden/tla--gpg--1.1--patch-16
which does cached revisions.
I've decided not to sign --listing files - for two reasons.
1) they are trivially regeneratable in the event of concern about
integrity.
2) there content is no more than a replace for webdav search / ftp ls's.
those methods don't have signatures.
Lastly, as proof of concept, the gpg branch is a fully signed branch.
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
- Re: [Gnu-arch-users] crypto signing take 2, (continued)
Re: [Gnu-arch-users] crypto signing take 2, Robert Collins, 2003/12/12
Re: [Gnu-arch-users] crypto signing take 2, Robert Collins, 2003/12/13
Re: [Gnu-arch-users] crypto signing take 2,
Robert Collins <=