Keep a record of who pushed revisions to a repository

Krzysztof Nowicki krissn at op.pl
Tue Mar 8 14:07:37 UTC 2011


On 2011-03-08 13:47, John Arbash Meinel wrote:
> 
> ...
>> By looking at the code I was wondering if I could make use of
>> Repository.add_signature_text() and append a short metadata with the
>> authenticated user name. This would be done from a server-side trigger. Yes this
>> would be a highly custom solution, but I guess it wouldn't break any
>> compatibility either.
> 
>> BTW, I noticed that you had a plugin for verifying the signatures. It was
>> available here: http://bzr.arbash-meinel.com/plugins/signing/ Unfortunately the
>> link seems to be dead. I wanted to look at it for some examples how to read the
>> signatures. Is it still available somewhere?
> 
>> Krzysztof
> 
> Yeah, I just moved internationally, and took my server down.
> 
> I have a copy of it somewhere (in a giant tarball, IIRC), but it was
> pretty old code anyway. Just generally running "gpg --verify" for each
> signature text. And trying to be a little bit fancy, assuming things
> would succeed, so doing multiple entries in bulk and then bisecting to
> locate failures.
> 
> A better solution would have been to use an active gpg process and send
> them one-by-one. But requires something like pygpgme to control a gpg
> process, rather than spawning for each one.
> 
> Even with this, it wouldn't help your 'custom text' case. Since those
> wouldn't be valid signatures...
> 
> John
> =:->

Who said that I wanted to GPG-verify them? I just want to read them in case I
need to identify whose SSH key was used to push a revision to the public repo.

Krzysztof
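
The bulk-verify-then-bisect strategy described in the quoted reply, sketched as an added example (not code from this thread or from the plugin it mentions). `CountingVerifier` is a constructed stand-in for a single batch `gpg --verify` run: it only checks a header marker and does no cryptographic verification; all names and sample data are assumptions.

```python
from typing import Callable, List, Sequence, Tuple

Item = Tuple[str, bytes]  # (revision id, signature text)


def find_failures(items: Sequence[Item],
                  verify_batch: Callable[[Sequence[Item]], bool]) -> List[str]:
    """Return the revision ids whose signature text fails verification.

    Optimistic strategy: verify the whole batch in one call and assume it
    succeeds. Only when a batch fails is it split in half and each half
    re-checked, until the failing entries are isolated.
    """
    if not items or verify_batch(items):
        return []
    if len(items) == 1:
        return [items[0][0]]
    mid = len(items) // 2
    return (find_failures(items[:mid], verify_batch)
            + find_failures(items[mid:], verify_batch))


class CountingVerifier:
    """Stand-in batch verifier (assumption) that counts its invocations.

    A real one would hand the batch to gpg; this one passes a batch only if
    every text starts with the PGP clearsign header.
    """

    MARKER = b"-----BEGIN PGP SIGNED MESSAGE-----"

    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, batch: Sequence[Item]) -> bool:
        self.calls += 1
        return all(text.startswith(self.MARKER) for _, text in batch)


def demo() -> Tuple[List[str], int]:
    # Constructed sample data: 16 entries, one of which is custom metadata
    # stored through the signature slot instead of a signature.
    good = CountingVerifier.MARKER + b"\n(constructed body)\n"
    custom = b"pushed-by: alice (constructed metadata, not a signature)\n"
    items = [("rev-%d" % i, good) for i in range(16)]
    items[5] = ("rev-5", custom)
    verifier = CountingVerifier()
    return find_failures(items, verifier), verifier.calls
```

With one non-signature entry among 16, the bisection isolates it in 9 verifier calls instead of 16, and the custom metadata entry is reported as a verification failure, which is the limitation the quoted reply points out.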



