Re: [Gnu-arch-users] one more feature needed for signing
From: Jason McCarty
Subject: Re: [Gnu-arch-users] one more feature needed for signing
Date: Sat, 13 Dec 2003 17:22:59 -0500
User-agent: Mutt/1.5.4i

Tom Lord wrote:
> A simple fix is:
>
> i) when creating a revision directory, create and store
> an additional file containing the lines:
>
> <fully-qualified revision name>
> <hash of CONTINUATION, if present>
> <hash of changeset, if present>
> <hash of full-text, if present>
> <hash of log>
>
> and sign that.
>
> ii) when creating an archive-cached revision, create
> and store an additional file containing the lines:
>
> <fully-qualified revision name>
> <hash of archive-cached tar bundle>
>
> and sign that.

It seems to me that this scheme would remove the need to sign each file
individually, while being just as strong security-wise. For archive
verification purposes, it's probably not necessary to sign cachedrevs,
since they can be regenerated at will. But it's a good idea to do so
anyway, for future versions of "tla get" that know about signatures.

> iii) supplement the signature checker with a tool that
> verifies the contents of those files: both that
> the hashes are correct and that the fully-qualified
> revision name is the right one.

And indeed, I think this tool would be sufficient without the other
signatures.

Jason
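
The check proposed in (iii), sketched as an added example; it is not part of the original message and is not tla code. Assumptions: SHA-256 as the hash, a labelled `<file> <hash>` line format so that absent files are unambiguous, hypothetical function names, and constructed sample data. Verifying the signature over the manifest text itself is assumed to happen separately.

```python
import hashlib

# Files a revision directory may hold, per the list quoted in the message.
FILES = ("CONTINUATION", "changeset", "full-text", "log")

def build_manifest(revision, files):
    """Manifest text: revision name, then '<file> <sha256>' per file present."""
    if "log" not in files:
        raise ValueError("a revision always has a log")
    lines = [revision]
    for name in FILES:
        if name in files:
            lines.append(f"{name} {hashlib.sha256(files[name]).hexdigest()}")
    return "\n".join(lines) + "\n"

def verify_manifest(manifest, expected_revision, files):
    """Return a list of problems; an empty list means the manifest matches."""
    lines = manifest.splitlines()
    if not lines:
        return ["empty manifest"]
    problems = []
    # Binding the name stops a validly signed manifest from being accepted
    # for a different revision than the one it was created for.
    if lines[0] != expected_revision:
        problems.append(f"revision name mismatch: {lines[0]!r}")
    listed = {}
    for line in lines[1:]:
        name, _, digest = line.partition(" ")
        if name not in FILES or name in listed:
            problems.append(f"unexpected line: {line!r}")
        else:
            listed[name] = digest
    for name in FILES:
        if name in files and name not in listed:
            problems.append(f"unsigned file: {name}")
        elif name in listed and name not in files:
            problems.append(f"missing file: {name}")
        elif name in listed and hashlib.sha256(files[name]).hexdigest() != listed[name]:
            problems.append(f"hash mismatch: {name}")
    if "log" not in listed:
        problems.append("no log hash")
    return problems

# Constructed sample revision (not real archive data).
REV = "jdoe@example.com--2003/proj--main--1.0--patch-3"
SAMPLE = {"changeset": b"constructed changeset bytes",
          "log": b"Summary: constructed log\n"}
```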