bzr.dev missing signatures

Martin Pool mbp at canonical.com
Wed May 10 02:45:19 BST 2006


On  8 May 2006, John A Meinel <john at arbash-meinel.com> wrote:

> I think I would prefer to hold off on that until we actually have
> signature verification. Using the indexes you can easily figure out what
> needs to be merged, and then you can pull them, verify them, and save them.
> 
> That was part of why I updated my 'signing' plugin. Because I realized
> that just checking the signature wasn't enough. You could have a
> signature of bogus text.

Do you think we could merge the signing plugin into bzr core?

> We also need to decide whether we want to support signing commits that
> don't match on email address. (Whether because john at arbash-meinel.com is
> signing commits for john at johnmeinel.com, or because I'm approving
> abentley at utoronto.ca commits).

In the first place I would say that it should match the revision's
author address.  As Jan pointed out you can add as many addresses to a
key as you like.  If it doesn't already, the signing plugin could use
'gpg -u' to make them match.

Signing someone else's commits, to say "I approve of this commit by
Aaron" is interesting but secondary.  You can get something like it at
the moment by signing a merge of Aaron's revision into your own branch.

> As a first draft, I would really consider setting it to require that the
> email addresses match. But I don't know how to extract the address from
> gpg. And I assume you would want the rich pyme/libgpgme interface,
> rather than calling out to gpg --verify and reading the output of stderr.

I had the impression that gpgme was in fact just a parser for gpg's
batch output, but I might be wrong.  So then it's just a matter of
whether it's easier to link it, or easier to correctly parse out 
the bits we want.

-- 
Martin
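
Added example (not part of the original message and not code from the signing plugin): one way to make the two checks discussed above, that the signed text is the revision's own and that the signer's address matches the author's, by parsing the [GNUPG:] lines gpg writes with --status-fd rather than reading stderr. The function names, the expected_text parameter and the sample status lines are assumptions constructed for illustration.

```python
from email.utils import parseaddr

PREFIX = "[GNUPG:] "
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}

# Constructed sample of `gpg --status-fd 1 --verify` output (not real key data).
SAMPLE_STATUS = """\
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Author <author@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2006-05-10 1147225519 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567
"""

def parse_status(status_text):
    """Return a list of (keyword, args) from gpg status-fd output."""
    records = []
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            keyword, _, args = line[len(PREFIX):].partition(" ")
            records.append((keyword, args))
    return records

def check_revision_signature(status_text, signed_text, expected_text, author):
    """Return (ok, reason) for one signed revision (hypothetical helper)."""
    records = parse_status(status_text)
    keywords = [k for k, _ in records]
    bad = FAILURES.intersection(keywords)
    if bad:
        return False, "gpg reported " + ", ".join(sorted(bad))
    good = [args for k, args in records if k == "GOODSIG"]
    if len(good) != 1 or "VALIDSIG" not in keywords:
        return False, "expected exactly one good, valid signature"
    # A good signature over the wrong text proves nothing about this revision.
    if signed_text != expected_text:
        return False, "signed text does not match the revision"
    # GOODSIG args are "<key id> <primary user id>".
    _keyid, _, user_id = good[0].partition(" ")
    signer = parseaddr(user_id)[1].lower()
    wanted = parseaddr(author)[1].lower()
    if not signer or signer != wanted:
        return False, "signer %r is not author %r" % (signer, wanted)
    return True, "signed by " + signer
```

GOODSIG carries only the key's primary user ID, so a key with several addresses would also need its other user IDs listed before comparing.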



