On Wed, Apr 23, 2008 at 12:19 PM, Koen Kooi
<address@hidden> wrote:
Please ensure that new mtn releases can still talk to 'old'
releases over
netsync, otherwise you are needlessly stabbing people in the eye when
$distro upgrades their mtn version, but the main project server is
on debian
(old-)stable.
This is unfortunately not possible for many of the changes under
discussion. The magnitude of the "flag day" should not be
underestimated - we are talking about things that require reissuing
all certs. Have a look at the "0.25 or earlier" section of UPGRADE
for a description of what it was like for projects the last time we
had to do this.
We really need a scheme for versioning the algorithm used to digest
and sign a particular object. If we had that, then it would be
possible to continue checking signatures on old objects in the old
way, but use the new algorithm for all new objects. I have been
unable to think of any such algorithm that doesn't break the netsync
protocol by attaching additional information to signature strings, but
I confess to not having thought about it very hard.