On Mon, 19 Feb 2024 at 01:17, Craig Russell <apache....@gmail.com> wrote: > > Hi Sebb(TEST) > > > On Feb 18, 2024, at 16:18, sebb <seb...@gmail.com> wrote: > > > > On Sun, 18 Feb 2024 at 23:46, sebbaz(Test) <sebbaz+t...@gmail.com > > <mailto:sebbaz+t...@gmail.com>> wrote: > >> > >> On Sun, 18 Feb 2024 at 17:14, Craig Russell <apache....@gmail.com> wrote: > >>> > >>> As you might have notices, we received an SGA signed with a GPG key. > >>> Whimsy verified the key but as far as I can see, the filing process did > >>> not store the key in the repository. > >> > >> Note that all the sig checks are done in the same routine, which saves > >> the key if it was successfully imported. > >> > >> It tried to save the SGA key, but failed; there was a problem with the > >> credentials (which I will try to fix). > > I did notice that there was some permissions problem with the __keys__ > directory but reloading the whimsy page seemed to fix it.
That's because the key is only stored on successful import, which had already occurred. > >> > >> Was no error reported? > > No error. It just seemed like the SGA code did not try to save the key. Apart from the permissions problem the first time around... > >> > >>> Perhaps we should change the name of the key repository to reflect that > >>> any of several documents might be signed, and change the code to store > >>> the key if it is used to sign any of the documents. > >>> > >> > >> The __keys__ directory is currently under iclas; perhaps it should be > >> moved to the same level as the iclas, cclas and grants. > > Yes, please. > > > > Upon further checking, this would entail setting up a new entry SVN > > auth entry with the appropriate permissions; not sure it's worth it. > > Thanks for checking. If it's not too much work, moving the __keys__ directory > a level above would make sense to me. > > Thanks, > Craig > > > >>> WDYT? > >>> > >>> Craig L Russell > >>> c...@apache.org <mailto:c...@apache.org> > Craig L Russell > c...@apache.org >