[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] signing and push-mirror
|
From: |
Tom Lord |
|
Subject: |
Re: [Gnu-arch-users] signing and push-mirror |
|
Date: |
Thu, 11 Dec 2003 09:18:10 -0800 (PST) |
> From: Robert Collins <address@hidden>
> my point on this seems to have been lost in the noise (unless it
> was part of it :})
> I don't like the aspect of your proposal #2 where push mirror
> re-signs changesets as a mandatory thing.
I didn't make it clear enough what I meant.
Signing can be implemented in two steps -- two milestones.
Step 1 is what I described in the "take 2" proposal.
There's nothing that precludes doing signature copying on top of that
in step 2. It's icky that we have to worm around certain abstraction
layers to make it work but when I mentioned that ickiness it was just
to say "Well, that's going to be icky" not "So, let's not do it at
all."
> IMO keeping the existing signatures is quite important for the
> common case of someone tracking an 'official' repository, who
> wants to be able to verify the sigs - in their mirror.
Sure.
The other reason I postponed it, by the way, is that I think in many
situations rsync hacks are just a better option than push-mirror --
the only problem being that the require a distinct archive-side
service. rsync hacks would, of course, always copy signatures and
never re-sign.
-t