Re: [Gnu-arch-users] Re: MD5 is broken

[John Arbash Meinel]

Aaron Bentley wrote:
...

> > Again, my feeling was to make it expandable, so that if someone wants to
> > turn on gpg signing, they know in advance that they should probably set
> > up a gpg-agent of some sort. Actually, since baz now requests 2
> > signatures on a commit, it motivated me to set up gpg-agent.
>
>
> We're working on ways of bringing it back down to 1.  It may require
> an archive format bump, though.
Are you thinking to include the archive.gz checksum in the file? Is
there a reason tla checksum files can't support having files in there
that it doesn't understand? The format of the file seems perfectly
expandable, and certainly tla handles the baz sha checksums without any
problem.

What caused problems with the line?
md5 ancestry.gz aoeuaoeuthnaeou

> > My statement was to let people be as paranoid as they want to be. If
> > they don't want an agent and want to sign 4 times, let them.
>
>
> My sentiment is "let's not punish people who want to operate in a
> secure fashion".
True. Hence we provide a decent level of security, and if someone wants
their setup to be ultra-secure, we give them the option, with associated
difficulty. Security is a tradeoff, so I don't think we can set a hard
fast rule, probably only a baseline.

> > I wasn't advocating that it was the default.
>
>
> Okay, I wasn't clear on that before.
>
> > Remember, doing a "tag" already requires 2 sigs, because it does a
> > cacherev.
>
>
> Well, only when you tag from a different archive.  It doesn't do a
> cacherev if the direct ancestor is in the same archive.
>
> Aaron

John
=:->

signature.asc
Description: OpenPGP digital signature