Re: [Monotone-devel] Dealing with lost key


From: Ethan Blanton
Subject: Re: [Monotone-devel] Dealing with lost key
Date: Sun, 18 Jan 2009 14:53:10 -0500
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Brian May spake unto us the following wisdom:
> I would simplify this to an even more common problem:
> 
> Person A, after numerous contributions to the project discovers his
> laptop computer has been stolen, and as such cannot be sure the security
> of his private key is still intact.
> 
> He wants to be able to indicate to the project at large that all
> existing revisions are Ok, but future revisions are not.
> 
> How does monotone tell which are the old revisions and which are the new
> ones? Note: You cannot trust the time saved in certificates, it is
> trivial to update the system clock to an earlier date and commit changes.
> 
> Maybe just mark the key as bad and require somebody to manually re-sign all
> good code with a good key?

Note that it is actually sufficient to sign only the newest known good
revisions, and the transitive closure of the revision graph will
capture all good revisions.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
                -- Cesare Beccaria, "On Crimes and Punishments", 1764

Attachment: signature.asc
Description: Digital signature
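
The following is an added example, not part of the original message and not monotone's own trust code. It models the point made in the reply: once the old key is distrusted, a single new signature on the newest known good revision is enough, because every ancestor of that revision is reached through the graph. The revision ids, key names and function names are constructed for illustration.

```python
from collections import deque

# Constructed revision graph: each revision id maps to its parent ids.
PARENTS = {
    "r1": [],
    "r2": ["r1"],
    "r3": ["r2"],
    "r4": ["r2"],
    "r5": ["r3", "r4"],  # merge; newest revision known to be good
    "r6": ["r5"],        # committed with the stolen key after the theft
    "r7": ["r1"],        # backdated side branch, also after the theft
}

# Constructed certs as (revision, signing key). The old key signed every
# revision; the replacement key re-signed only the newest good one.
CERTS = [(rev, "old-key") for rev in PARENTS] + [("r5", "new-key")]


def trusted_revisions(parents, certs, trusted_keys):
    """Return every revision signed by a trusted key, plus all ancestors
    of such a revision (the transitive closure over parent edges)."""
    queue = deque(rev for rev, key in certs if key in trusted_keys)
    trusted = set()
    while queue:
        rev = queue.popleft()
        if rev in trusted:
            continue
        trusted.add(rev)
        queue.extend(parents.get(rev, ()))
    return trusted


def untrusted_revisions(parents, certs, trusted_keys):
    """Revisions that no trusted signature reaches; these need review."""
    return set(parents) - trusted_revisions(parents, certs, trusted_keys)


if __name__ == "__main__":
    print(sorted(trusted_revisions(PARENTS, CERTS, {"new-key"})))
    print(sorted(untrusted_revisions(PARENTS, CERTS, {"new-key"})))
```

Note that r7 stays untrusted even though its parent r1 is trusted: the closure only walks towards ancestors, so a backdated commit hanging off old history gains nothing from the clock trick described in the quoted message.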

