gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] signatures and checking

From: Tom Lord
Subject: Re: [Gnu-arch-users] signatures and checking
Date: Tue, 27 Jan 2004 06:36:58 -0800 (PST) 

    > From: Robert Collins <address@hidden>

    > There's a patch to do most of this, and to use gpg to extraxt
    > the data.  I've yet to review it.

I'm not so sure you should.


    > The key thing to remember is that the clearsigned
    > data /may/ be escaped by gpg. 

Under what conditions?  We're throwing a pretty conservative syntax at it.

GPG aside for the moment, having _some_ clear-signing tool that
handles our conservatively formatted data in a satisfactory way is
clearly a reasonable thing to want.

GPG --clearsign happens to let us build such a tool "unofficially" for
now.  Why isn't that the way to proceed while asking for an official
GPG feature (or even just official statement specifying some of the
quoting and formatting requirements of the existing --clearsign)?


    > So if it's a signed archive, we should always use gpg to extract
    > the data, and with no check command, we could default to 'gpg'
    > ourselves. 

I'd rather not depend on gpg for reading archives.

    > (Isn't a signed archive with no check a failure
    > anyway ?)

No.

-t
reply via email to
[Prev in Thread] Current Thread [Next in Thread]