Re: [task #4633] GPG-Signed Commits

[Todd Denniston]

Derek Price wrote:
> 
> Todd Denniston wrote:
> 
> >What about instead of, or in addition to, what you are suggesting for
> >expired/revoked signatures, the sig ring should keep data on when keys
> >expired (already there correct?) or got revoked and thus CVS should flag new
> >sigs with those keys after the expire/revocation to notify the users, but
> >the old sigs should still be good/acceptable. Or have I just slipped of my
> >rocker?
> >
> >
> 
> I'm not sure what you mean.  The `cvs verify' command, and the automatic
> verification that can be performed on checkout, will notice any expired
> or revoked keys as invalid signatures.  This will be flagged as an error
> if there are not other, valid, signatures attached to the revision.
> 
> Did you have something else in mind?
No, this is the place I had in mind.

But I was going on the scenario:
system coding is done, 
years/decades/millennia pass,
Assume user keys have expired over this time.
Assume fact of nothing malicious has happened to the repository.
some one does `cvs verify' to see if what was committed has been tampered
with since commit.
Just because the sigs have "expired", everything is considered invalid even
though nothing except time has passed.

I believe that (at least as an option) the system should be able to tell me
that, ___at the time the commit was made___, the sig AND key were valid (non
expired, non revoked) and thus everything is still ok, with out having to
play games with the system clock.


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane) 
Harnessing the Power of Technology for the Warfighter