[Monotone-devel] Re: Rosterify and certificate keys

[Bruce Stephens]

Tom Koelman <address@hidden> writes:

> I just rosterified a database. On inspecting the contents of the new
> database I found out that all certificates had been reissued with my
> own e-mail-adress. This would be an issue for a trust model based on
> who handed out what certificate.

Yes indeed.

> Is there some way in which I can make the certificates keep their
> original key?

No, because the certs have been resigned (because the revision numbers
changed), and you (presumably) don't have all the relevant private
keys.

Presumably for specific problems you can hack something that'll work:
if you're using particular certs, you could get a list of revisions
with the author cert not you, and get the original author to create
certs for those, and then delete the unnecessary certs if necessary
(probably using SQL).  

It's yucky, but necessary when history gets rebuilt.  (On the positive
side, the current trust model doesn't work that well anyway.)