gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: signatures and checking

From: Tom Lord
Subject: Re: [Gnu-arch-users] Re: signatures and checking
Date: Tue, 27 Jan 2004 08:04:25 -0800 (PST) 
    > From: Robert Collins <address@hidden>

    > > If my archive is bitwise-identical to yours, and you have checked
    > > signatures, and I trust that you've checked signatures, then I don't
    > > need to check signatures.

    > > That means that what you (the signature checker) see for checksum data
    > > and what I (the non-signature checker) see for that data must be the
    > > same.

    > Which means you cannot use clearsigned signatures. They will alter lines
    > in the body to prevent the end of signature being incorrectly
    > identified.

If the lines that your signing have arbitrary, uncontrolled content --
and something that would otherwise confuse gpg appears -- then sure,
gpg has to quote it.

But the lines we're signing don't have arbitrary, uncontrolled content
and don't seem to include anything that could confuse gpg.  It isn't
difficult to preserve that as an invarient.  It isn't unreasonable to
ask gpg maintainers for an official word on a subset of the grammar
for lines that will never confuse current or any future versions of
gpg.   That doesn't even require changing gpg although an option that
does what my awk script does would be a nice convenience.


-t
reply via email to
[Prev in Thread] Current Thread [Next in Thread]