bzr.dev missing signatures
Jan Hudec
bulb at ucw.cz
Mon May 8 19:40:56 BST 2006
On Mon, May 08, 2006 at 11:54:52 -0500, John A Meinel wrote:
> We also need to decide whether we want to support signing commits that
> don't match on email address. (Whether because john at arbash-meinel.com is
> signing commits for john at johnmeinel.com, or because I'm approving
> abentley at utoronto.ca commits).
IMHO the former should not happen -- a key can have multiple identities
atached, so it should list all identities under which you commit.
The later is however a valid use-case and should be supported. It kind of
implies to me, that multiple signatures per revision should be valid.
> As a first draft, I would really consider setting it to require that the
> email addresses match. But I don't know how to extract the address from
> gpg. And I assume you would want the rich pyme/libgpgme interface,
> rather than calling out to gpg --verify and reading the output of stderr.
>
> For my signing plugin, I might actually go ahead and do that. At least
> search through the 'aka' texts for a matching email address. I'm
> thinking it is a lot better to just match the email portion, since there
> are a lot of variations on how to write your name:
> John Meinel
> John A Meinel
> John Arbash Meinel
> Meinel, John A
> ...
For the first cut it sounds reasonable. The signature with non-matching id
really has a bit different meaning and I think bzr should eventually
distinguish them.
--
Jan 'Bulb' Hudec <bulb at ucw.cz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060508/ab76c258/attachment.pgp
More information about the bazaar
mailing list