[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [task #4633] GPG-Signed Commits
From: |
Mark D. Baushke |
Subject: |
Re: [task #4633] GPG-Signed Commits |
Date: |
Fri, 23 Sep 2005 12:05:52 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Derek Price <derek@ximbiot.com> writes:
> Just a quick RFC on how this will integrate into the CVS command line &
> config. I'm thinking that signing will be off by default, with a simple
> `-g' global option to enable it.
>
> Since adding -g to a .cvsrc might not be acceptable for users that work
> with multiple roots, I think this should also be implemented as a method
> option that can be added to a CVSROOT string
> <http://ximbiot.com/cvs/wiki/index.php?title=CVS--Concurrent_Versions_System_v1.12.12.1:_The_Repository#The_connection_method>.
What option name do you suggest? :ext;sign=yes: ?
>
> Servers would have a three-level GPG requirement setting in CVSROOT/config:
>
> RequireGPGCommitSignatures=(no|yes|verify)
I don't know if the GPG name needs to be present or not. Folks could use
PGP or GPG or any other OpenPGP conformant program to get the job done,
couldn't they?
>
> Where `no' means signatures are allowed but not required, `yes' means
> signatures are required, and `verify' means that signatures are required
> and that the server verifies that submitted signatures are valid before
> allowing a commit.
I'm not sure that verify makes sense as an administrator may want to do
this kind of checking in a commitinfo trigger and base it on the web of
trust for a given key rather just saying it was signed...
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFDNFIPCg7APGsDnFERAlGOAKCSiMEY25aILx+Hxe9/uG9uOGdELgCfR+ek
ij0lDon80jG3OALeBbn5fXw=
=Rj0p
-----END PGP SIGNATURE-----
- Re: [task #4633] GPG-Signed Commits, (continued)
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/19
- Re: [task #4633] GPG-Signed Commits, Todd Denniston, 2005/09/20
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/20
- Re: [task #4633] GPG-Signed Commits, Todd Denniston, 2005/09/22
- Re: [task #4633] GPG-Signed Commits, Sylvain Beucler, 2005/09/21
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/21
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits,
Mark D. Baushke <=
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/23
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/24
- Re: [task #4633] GPG-Signed Commits, Derek Price, 2005/09/24
- Re: [task #4633] GPG-Signed Commits, Mark D. Baushke, 2005/09/24
- Re: [task #4633] GPG-Signed Commits, Jim Hyslop, 2005/09/21