gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] crypto signing take 2

From: Robert Collins
Subject: Re: [Gnu-arch-users] crypto signing take 2
Date: Sat, 13 Dec 2003 14:13:01 +1100 
On Tue, 2003-12-09 at 07:51, Tom Lord wrote:
> First) I get the message that tla should _not_ read passphrases.
> 
> Second) Here is an alternative approach:
> 
> 1) As before, the existence of =meta-info/signed-archive
>    indicates that files are supposed to be signed.

Done.

> 2) A user can have files:
> 
>      ~/.arch-params/=gpg/=default
>      ~/.arch-params/=gpg/<archive-name>
> 
>    containing the commands to use to sign by default or for
>    a particular archive.   The contents of those files would be
>    something like:
> 
>       agpg --detatch-sign --local-user FOO %F
> 
>    where tla replaces %F by a file name.
> 
>    (The default default command should presumably be
> 
>         gpg --detatch-sign %F
>    )

What about stuffing this into hook? It'd be simpler (use the existing
run-hook framework, allow the user to choose which keys/commands to use
on a more granular level - i.e. the user could sign each branch
separately.)


> 3) (internals) the arch_pfs_put_file routine will sign files
>    a new arch_pfs_put_atomic routine will be added

Done.


Rob
-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to
[Prev in Thread] Current Thread [Next in Thread]