
[Monotone-devel] Re: Rosterify and certificate keys


From: Wim Oudshoorn
Subject: [Monotone-devel] Re: Rosterify and certificate keys
Date: Tue, 11 Apr 2006 09:59:01 +0200
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/22.0.50 (darwin)

Bruce Stephens <address@hidden> writes:

> Tom Koelman <address@hidden> writes:
>
>> Is there some way in which I can make the certificates keep their
>> original key?
>
> No, because the certs have been re-signed (because the revision numbers
> changed), and you (presumably) don't have all the relevant private
> keys.

But if you for a moment presume you have all/most of the relevant private keys?

> Presumably for specific problems you can hack something that'll work:
> if you're using particular certs, you could get a list of revisions
> with the author cert not you, and get the original author to create
> certs for those, and then delete the unnecessary certs if necessary
> (probably using SQL).  

This is really yucky.  First of all, there are thousands of revisions 
and even more certificates.  So nobody is going to do this by hand.
A script will help, but the script needs to have:

original database pre 0.26  : OLD
new database 0.26           : NEW

A - a mapping between revisions in OLD to revisions in NEW.  
B - iterate over all 'my certificates' in OLD and recertify the corresponding
    revision in NEW.
C - delete all relevant old certificates in NEW.

Now the tricky things are:

* I don't know how to get the mapping between OLD and NEW (step A)
* I don't know how to identify the certificates to delete in step C.

> It's yucky, but necessary when history gets rebuilt.  (On the positive
> side, the current trust model doesn't work that well anyway.)

Well, regardless of trust.  When you look back at the history, 
it is very useful to know who issued certain certificates.
For example, suppose, like we do, someone issued the certificate:

fixed:  BUG-ID

or  

unfixed: BUG-ID

and you have an issue with regard to BUG-ID, it is convenient
to know who issued the certificate.

Also like the certificate:

sent-to: CLIENT-ID

it is good to know who issued the certificate.

Now I know full well that monotone is not the replacement of a bug tracking
system, but it is really nice to just look at the revision tree and
just see the signer name.

Wim Oudshoorn.
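
One way to plan steps B and C once the mapping from step A exists, as an added example that is not part of the original message and not monotone code. It assumes the mapping is supplied as input, that certs can be exported from both databases as (revision, name, value, key) tuples, and that the migration re-signed every cert with a single key; `plan_recertification`, the key names and the revision ids are constructed for illustration.

```python
from collections import namedtuple

# One cert as exported from a database: revision id, cert name, value, signer key.
Cert = namedtuple("Cert", "rev name value key")

def plan_recertification(old_certs, new_certs, rev_map, my_keys, migration_key):
    """Return (to_issue, to_delete, unmapped) for steps B and C.

    rev_map is step A's OLD -> NEW revision mapping, taken as given (assumption).
    """
    to_issue, to_delete, unmapped = [], [], []
    # Index NEW certs by (rev, name, value) so only the signer differs.
    new_index = {}
    for c in new_certs:
        new_index.setdefault((c.rev, c.name, c.value), []).append(c)
    for c in old_certs:
        if c.key not in my_keys:
            continue  # no private key available: leave the migrated cert alone
        new_rev = rev_map.get(c.rev)
        if new_rev is None:
            unmapped.append(c)  # report instead of guessing a target revision
            continue
        twins = new_index.get((new_rev, c.name, c.value), [])
        # Step B: re-issue unless NEW already carries it under the original key.
        if not any(t.key == c.key for t in twins):
            to_issue.append(Cert(new_rev, c.name, c.value, c.key))
        # Step C: the migration-signed twin becomes redundant once re-issued.
        for t in twins:
            if t.key == migration_key and t not in to_delete:
                to_delete.append(t)
    return to_issue, to_delete, unmapped

# Constructed sample data (not taken from any real database).
OLD = [Cert("old1", "fixed", "BUG-1", "alice@example.com"),
       Cert("old2", "sent-to", "CLIENT-7", "bob@example.com"),
       Cert("old3", "unfixed", "BUG-1", "alice@example.com")]
NEW = [Cert("new1", "fixed", "BUG-1", "migrator@example.com"),
       Cert("new2", "sent-to", "CLIENT-7", "migrator@example.com"),
       Cert("new2", "branch", "main", "carol@example.com")]
REV_MAP = {"old1": "new1", "old2": "new2"}  # old3 deliberately left unmapped

if __name__ == "__main__":
    issue, delete, missing = plan_recertification(
        OLD, NEW, REV_MAP, {"alice@example.com"}, "migrator@example.com")
    for label, certs in (("issue", issue), ("delete", delete), ("unmapped", missing)):
        for c in certs:
            print(label, c.rev, c.name, c.value, c.key)
```

Certs whose private key is not in `my_keys` are never scheduled for deletion, so the migrated copy remains the only record of them until the original signer runs the same plan.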




