gnu-arch-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch


From: Robert Collins
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Sun, 14 Dec 2003 08:12:02 +1100

On Sun, 2003-12-14 at 03:33, Tom Lord wrote:
>     > From: Robert Collins <address@hidden>

>     > Implements signing of:
>     > imports
>     > changesets
>     > logs
> 
> All files in the archive should be signed including =meta-info files,

\=meta-info I considered, and deliberately didn't sign. I couldn't see
any security sensitive info in them, that isn't trivially verifyable.

> CONTINUATION files,

are signed.

>  .listing files,

deliberately not signed - see my reasoning, or asuffields. Signing these
is both pointless and bad.

>  and archive-cached revisions.

are signed.

> That's the idea behind doing the signing in pfs_put_file and creating
> pfs_put_file_atomic.

Nice idea, but it breaks the layering wholesale. 

Rob


-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.

Attachment: signature.asc
Description: This is a digitally signed message part


reply via email to

[Prev in Thread] Current Thread [Next in Thread]