[merge] bzr re-sign update

Robert Collins robertc at robertcollins.net
Wed Feb 15 04:33:48 GMT 2006


On Tue, 2006-02-14 at 21:21 -0600, John A Meinel wrote:
> John A Meinel wrote:
> > Aaron Bentley wrote:
> >> John A Meinel wrote:
> >>>> I updated 'bzr re-sign' so that it can take more than one revision id as
> >>>> an argument.
> >> ...
> >>>> I'm seeking a +1 so I can put it into integration.
> >> +1, but it would be cooler if you could re-sign all your old revisions
> >> without using xargs.
> >>
> >> Aaron
> > 
> > Because I realized I really do agree with you, I wrote a plugin.
> > 
> > http://bzr.arbash-meinel.com/plugins/signing/
> 
> And one more update. This plugin now has 'bzr verify-sigs' which can
> optionally be run in batch mode. (Batch mode will not work when we
> switch to knits, since it expects each file to be separate).
> 
> It basically just verifies each signature (as though you did find
> .bzr/revision-store -name '*.sig' | xargs gpg --verify-files), but it
> generates aggregate statistics, which means that the output is much more
> manageable.

What are you using to verify? (just gpg?)

> I'm also happy to report that all signatures verify in my
> jam-integration branch. We have 5 signatures from jamesh, 100 from
> Robert Collins, and 413 from myself. (I went back and signed all of my
> commits).

Cool. I'd love for sign-my-commits to be builtin. +1 for you doing that
if you add some smoke tests. :)

For validation, plain old gpg is fine for non-policy validation, and it's
a good start, but I suspect we'll need gpgme in one form or another for
things like 'permit anyone with a uid matching the committer id and
level 2 confidence in that uid'. (there is a new wrapper that is much
nicer than pyme that I'm tracking down at the moment). 

But it would rock to start fleshing out the validation side of the gpg
stuff in bzr core.

Rob

-- 
GPG key available at: <http://www.robertcollins.net/keys.txt>.
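
Added example, not part of the original message or of the bzr signing plugin: Python that aggregates per-signature `gpg --status-fd` output into per-signer statistics, as the thread describes for 'bzr verify-sigs', and applies a check in the spirit of the "uid matching the committer id" policy. The revision ids, identities and key ids are constructed, and treating full or ultimate key trust as the required confidence level is an assumption.

```python
import re
from collections import Counter

STATUS = re.compile(r"^\[GNUPG:\] (\S+) ?(.*)$", re.M)
SIG_STATES = {"GOODSIG": "good", "BADSIG": "bad", "EXPSIG": "expired",
              "EXPKEYSIG": "expired-key", "REVKEYSIG": "revoked-key"}

def parse_status(text):
    """Reduce one signature's `gpg --status-fd` output to state, uid, trust."""
    res = {"state": "none", "uid": None, "trust": None}
    for key, rest in STATUS.findall(text):
        if key in SIG_STATES:                  # arguments: "<keyid> <user id>"
            res["state"] = SIG_STATES[key]
            res["uid"] = rest.partition(" ")[2] or None
        elif key == "ERRSIG":                  # e.g. public key not available
            res["state"] = "unverifiable"
        elif key.startswith("TRUST_"):
            res["trust"] = key[6:].lower()
    return res

def email_of(ident):
    m = re.search(r"<([^<>]+)>", ident or "")
    return m.group(1).lower() if m else None

def permitted(committer, res, trusted=("fully", "ultimate")):
    # Assumed policy: good signature, trusted key, uid email == committer email.
    signer = email_of(res["uid"])
    return (res["state"] == "good" and res["trust"] in trusted
            and signer is not None and signer == email_of(committer))

def summarize(revisions):
    """Return (count per (state, signer), revision ids that fail the policy)."""
    counts, rejected = Counter(), []
    for revid, committer, status in revisions:
        res = parse_status(status)
        counts[(res["state"], res["uid"])] += 1
        if not permitted(committer, res):
            rejected.append(revid)
    return counts, rejected

# Constructed sample data: names, addresses and key ids are made up.
ALICE, BOB = "Alice Example <alice@example.org>", "Bob Example <bob@example.org>"
GOOD = "[GNUPG:] GOODSIG %s %s\n[GNUPG:] TRUST_FULLY\n"
SAMPLE = [
    ("rev-1", ALICE, GOOD % ("AAAA000000000001", ALICE)),
    ("rev-2", ALICE, GOOD % ("AAAA000000000001", ALICE)),
    ("rev-3", ALICE, GOOD % ("BBBB000000000002", BOB)),   # signer != committer
    ("rev-4", ALICE, "[GNUPG:] BADSIG AAAA000000000001 " + ALICE + "\n"),
    ("rev-5", BOB, "[GNUPG:] ERRSIG CCCC000000000003 1 2 00 1139900000 9\n"
                   "[GNUPG:] NO_PUBKEY CCCC000000000003\n"),
]
```

Calling `summarize(SAMPLE)` returns the per-signer counts and the list of revisions that fail the policy; anything other than a good signature from a trusted key whose uid matches the committer is rejected.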