[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] signatures and checking
From: |
Robert Collins |
Subject: |
Re: [Gnu-arch-users] signatures and checking |
Date: |
Tue, 27 Jan 2004 17:02:41 +1100 |
On Tue, 2004-01-27 at 11:58, Tom Lord wrote:
> Several people have all agreed that the correct thing to do with
> signed checksum files is to ask gpg to print the signed content to
> stdout and to use that output rather than the contents of the file
> when parsing checksum data.
>
> They point out that, for example, gpg might perform some kind of
> quoting on the checksum data and that quoting can only be reliably
> reversed by asking GPG to make the reversal.
>
> I believe that that view is incorrect, though I'd like some feedback
> about my opinion in case I've missed something obvious.
>
> I would like checksum files to have the following properties:
>
> 1. Checksum data can be reliably extracted from them by tla
> _even_if_ the user has no ~/.arch-params/.../*.check file
> for the relevent archive.
>
>
> 2. They are "all in one" -- tla can read them, along with the
> signature, in a single file-fetch from the archive.
> In other words, detached signatures are not an option.
There's a patch to do most of this, and to use gpg to extraxt the data.
I've yet to review it. The key thing to remember is that the clearsigned
data /may/ be escaped by gpg. So if it's a signed archive, we should
always use gpg to extract the data, and with no check command, we could
default to 'gpg' ourselves. (Isn't a signed archive with no check a
failure anyway ?)
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
- [Gnu-arch-users] Re: signatures and checking, (continued)
- [Gnu-arch-users] Re: signatures and checking, Miles Bader, 2004/01/26
- [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/26
- [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/26
- Re: [Gnu-arch-users] Re: signatures and checking, Andrew Suffield, 2004/01/26
- Re: [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/26
- Re: [Gnu-arch-users] Re: signatures and checking, Robert Collins, 2004/01/27
- Re: [Gnu-arch-users] Re: signatures and checking, Tom Lord, 2004/01/27
- [Gnu-arch-users] Re: signatures and checking, Neil Stevens, 2004/01/26
Re: [Gnu-arch-users] signatures and checking, Andrew Suffield, 2004/01/26
Re: [Gnu-arch-users] signatures and checking,
Robert Collins <=
Re: [Gnu-arch-users] signatures and checking, Johannes Berg, 2004/01/27
Re: [Gnu-arch-users] signatures and checking, Johannes Berg, 2004/01/27
Re: [Gnu-arch-users] signatures and checking, Johannes Berg, 2004/01/27