
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch


From: Robert Collins
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Mon, 08 Dec 2003 09:55:28 +1100

On Mon, 2003-12-08 at 09:05, Florian Weimer wrote:


> > 2) Add a "signed-archive" property to archives
> 
> This has to be set during archive registration.  You also have to
> specify the fingerprint of the accepted keys.

Nope. The archive needs to indicate if it's a signed one or not, rather
than a per-committer flag, otherwise multi-user archives, such as
Savannah will likely end up hosting, will allow some users to sign and
some not to. As for accepted-keys, yes that needs to be local metadata
of some form, but for now, Tom has indicated he prefers a command line
flag.


> > 4) Modify arch_pfs_put_file to optionally sign files
> > 
> >    If arch_pfs_put_file is asked to store a file in an archive 
> >    with "signed-archive" set, it should work by storing the file
> >    locally (in a tmp dir), invoking gpg --detach-sign to sign
> >    the file (using --passphrase-fd to pass the passphrase) and then
> >    store both files.
> 
> I'm not sure if this is really, really sufficient.

It seems sane from a remote point of view. If a secure mktemp is used...
what needs to be changed?

> > 5) Write a shell script to check the signatures in an archive.
> 
> Clearly not sufficient. 8-)
> 
> Features which are required as well (IMHO):
> 
>   * SHA-1 hashes in changesets (both before and after patching)

A nicety but mostly irrelevant with signatures.

>   * "exact" application of changesets (hashes must match), especially
>     if a pristine tree is constructed

I'd put this in phase 2.

>   * archive name and changeset revision have to be covered by the
>     signature

The archive name and changeset are in the log which is signed.

>   * signed changeset support for mkpatch/dopatch

For mkpatch, just sign after you tar it up. For dopatch, I think this
isn't appropriate, as dopatch operates on unpacked changesets.

>   * maybe something more elaborate for registering trusted developers

Completely out of scope for tla.

Rob
-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
