Changesets feature complete

Aaron Bentley aaron.bentley at utoronto.ca
Fri May 26 14:27:36 BST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Arbash Meinel wrote:
> There is another thing that signing the whole changeset gets you. You
> can run one pass over it, and verify that the changeset itself is valid
> before you do any more work.

Using the signature as a checksum in other words?  Well, yes, but we
could use a checksum for that, and we wouldn't need to type our PGP
passphrases...

>>I suppose one thing that signing the changeset would provide would be
>>evidence that the changeset itself is not maliciously written (as with
>>ActiveX browser plugins).  But changesets aren't supposed to be
>>dangerous anyway - it's not like they're an executable format - so
>>that's a very limited advantage.
> 
> It also makes it easier if you wanted to do the darcs thing of
> writing a line in your .procmailrc to automatically apply changesets
> that are sent to a particular email address.

So this is where I say "sign the message, not just the changeset".  Just
because I signed a changeset, doesn't mean I think *you* should merge it
into *that* branch.  This is something I think PQM really gets right.

> It also handles the case where I have merged Aaron, but he didn't sign
> any of his changes. I don't want to sign each one individually, but
> because they are part of history, they need to be included in the changeset.

But what are you asserting about my revisions?  That they're authentic?
How can you be sure?  You know that *your* revisions are authentic, and
that you trust them, and you're asking someone to merge *your*
revisions, not mine.

> The biggest thing in my mind is that you can do one pass over everything
> and just make sure that the text you are about to parse was sent by
> somebody who has access to keys that you trust.

Unless you require the message to be signed, you don't have that
guarantee.  Having the changeset be signed means that it was *created*
by someone who has access to keys that you trust, not that they *sent*
the message or that they think it's a good idea for you to apply it.

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEdwJI0F+nu1YWqI0RAr9fAJ0dJzfc0mOS/eEOLjTSIMJB4KBMegCggVrM
/ciJ5NlMXCpMnY61Umb0gbs=
=DZnr
-----END PGP SIGNATURE-----
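
The distinction drawn in this message, as an added example that is not part of the original post and is not Bazaar or PQM code: a receiver that auto-applies on a changeset signature accepts the same changeset for any branch, while a receiver that requires a signed request covering the target branch does not. HMAC-SHA256 stands in for PGP signatures, and the keyring, branch names, and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed keyring. HMAC-SHA256 stands in for PGP signatures (assumption)
# so the example runs with the standard library only.
KEYRING = {"aaron": b"constructed-demo-key"}

def sign(signer, data):
    return hmac.new(KEYRING[signer], data, hashlib.sha256).hexdigest()

def verify(signer, data, sig):
    key = KEYRING.get(signer)
    if key is None:
        return False
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)

def make_merge_request(signer, changeset, target_branch):
    """Signed message: binds the changeset digest to the intended branch."""
    body = json.dumps({
        "action": "merge",
        "target": target_branch,
        "changeset_sha256": hashlib.sha256(changeset).hexdigest(),
    }, sort_keys=True).encode()
    return {"signer": signer, "body": body, "sig": sign(signer, body)}

def accept_changeset_only(signer, changeset, sig, branch):
    """Policy A: the signature covers the changeset, never the branch."""
    return verify(signer, changeset, sig)

def accept_signed_request(request, changeset, branch):
    """Policy B: the signature covers action, target branch and changeset."""
    if not verify(request["signer"], request["body"], request["sig"]):
        return False
    claims = json.loads(request["body"])
    digest = hashlib.sha256(changeset).hexdigest()
    return (claims["action"] == "merge"
            and claims["target"] == branch
            and hmac.compare_digest(claims["changeset_sha256"], digest))

# Constructed sample: Aaron creates a changeset and asks for one branch only.
CHANGESET = b"# constructed changeset\n+ fix typo in README\n"
CS_SIG = sign("aaron", CHANGESET)
REQUEST = make_merge_request("aaron", CHANGESET, "aaron-dev")

if __name__ == "__main__":
    for branch in ("aaron-dev", "mainline"):
        print(branch, accept_changeset_only("aaron", CHANGESET, CS_SIG, branch),
              accept_signed_request(REQUEST, CHANGESET, branch))
```

Policy B as written still accepts the same signed request more than once; a receiver that cares about resends would also need the signed body to carry something it can check for freshness.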



