Keep a record of who pushed revisions to a repository
John Arbash Meinel
john at arbash-meinel.com
Tue Mar 8 12:47:22 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
...
> By looking at the code I was wondering if I could make use of
> Repository.add_signature_text() and append a short metadata with the
> authenticated user name. This would be done from a server-side trigger. Yes this
> would be a highly custom solution, but I guess it wouldn't break any
> compatibility either.
>
> BTW, I noticed that you had a plugin for verifying the signatures. It was
> available here: http://bzr.arbash-meinel.com/plugins/signing/ Unfortunately the
> link seems to be dead. I wanted to look at it for some examples how to read the
> signatures. Is it still available somewhere?
>
> Krzysztof
Yeah, I just moved internationally, and took my server down.
I have a copy of it somewhere (in a giant tarball, IIRC), but it was
pretty old code anyway. Just generally running "gpg --verify" for each
signature text. And trying to be a little bit fancy, assuming things
would succeed, so doing multiple entries in bulk and then bisecting to
locate failures.
A better solution would have been to use an active gpg process and send
them one-by-one. But requires something like pygpgme to control a gpg
process, rather than spawning for each one.
Even with this, it wouldn't help your 'custom text' case. Since those
wouldn't be valid signatures...
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk12JVoACgkQJdeBCYSNAANNwgCeNHW+YQktQTbWlCcJRXqxDylQ
FmEAniLZWcMFFXgaNpXKQU+SyhEBNXC0
=WDn1
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list