[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch

From: Karel Gardas
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Sun, 7 Dec 2003 22:42:19 +0100 (CET)

On Mon, 8 Dec 2003, Robert Collins wrote:

> > 7) treat the passphrase "copy" specially.
> This feels wrong.
> I think a better way to indicate copying of signatures is via an
> explicit parameter, not via a magic passphrase.
> There is another thing to note: you haven't provided anywhere to declare
> which gpg uid / key to sign with. It's not uncommon for folk to have
> more than one signing identity.
> Now, in a multi user archive, there may be different folk committing
> with their own keys. So, an archive-specific metadata to select the
> committing key won't support multiple committers. Therefore we can
> either have some local metadata associated with the location, or we can
> use a parameter to commit (and/or a field in the user edited log file).
> I suggest --gpg-key=<string> to commit, and have no field name to
> suggest at this point.

Hmm, is this really worth the effort of added complexity to support
optional resigning instead of dump-copy of signatures?

BTW: for x509 you will need to change --gpg-key to something else. What
about to use: --sign-key=<string> --sign-mech=<mech>, where mech might be
``gpg'' or ``x509'' or others...


Karel Gardas                  address@hidden
ObjectSecurity Ltd. 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]