Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-07 Thread Robin H. Johnson
On Thu, Oct 07, 2010 at 10:17:01AM -0400, James Cloos wrote: > > "RHJ" == Robin H Johnson writes: > >> Include the signing keyid in the filename to support both allowing > >> multiple devs to sign a file and an easy indication of who signed it. > RHJ> You can extract keyid from any signature t

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-07 Thread James Cloos
> "RHJ" == Robin H Johnson writes: >> Include the signing keyid in the filename to support both allowing >> multiple devs to sign a file and an easy indication of who signed it. RHJ> You can extract keyid from any signature trivially. But if it is not in the filename you cannot have multipl

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-06 Thread Robin H. Johnson
On Wed, Oct 06, 2010 at 01:31:21PM -0700, Zac Medico wrote: > On 10/06/2010 12:47 PM, Robin H. Johnson wrote: > > '(Signed Manifest commit)' - alter that to include the signing key env var. > Ok, it's in git now: > http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=c7d24916a47f087

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-06 Thread Zac Medico
On 10/06/2010 12:47 PM, Robin H. Johnson wrote: > '(Signed Manifest commit)' - alter that to include the signing key env var. Ok, it's in git now: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=c7d24916a47f08755932fdad1344f08808ad8022 -- Thanks, Zac

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-06 Thread Robin H. Johnson
On Tue, Oct 05, 2010 at 05:49:31PM -0700, Zac Medico wrote: > On 10/05/2010 05:26 PM, Robin H. Johnson wrote: > > On Tue, Oct 05, 2010 at 05:53:50PM -0400, James Cloos wrote: > >> Have portage note in the ebuild log what was signed, by what key, and > >> whether the sigs were true. > > zmedico: can

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-05 Thread Zac Medico
On 10/05/2010 05:26 PM, Robin H. Johnson wrote: > On Tue, Oct 05, 2010 at 05:53:50PM -0400, James Cloos wrote: >> Have portage note in the ebuild log what was signed, by what key, and >> whether the sigs were true. > zmedico: can we include this in the repoman commit sig? Sure. Currently, repoman

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-05 Thread Robin H. Johnson
On Tue, Oct 05, 2010 at 05:53:50PM -0400, James Cloos wrote: > > "RHJ" == Robin H Johnson writes: > > RHJ> Some more issues for you: > RHJ> 1. Increases the size of the Manifest by a minimum of 710 bytes _per_ > RHJ>file. (4 bytes for 'GPG ', 700-900 for the hash, 1 for the field > space

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-05 Thread James Cloos
> "RHJ" == Robin H Johnson writes: RHJ> Some more issues for you: RHJ> 1. Increases the size of the Manifest by a minimum of 710 bytes _per_ RHJ>file. (4 bytes for 'GPG ', 700-900 for the hash, 1 for the field space, 5-12 bytes for the RHJ>trailer). RHJ> 1.1. 55907 Manifest2 entries

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-03 Thread Robin H. Johnson
On Sun, Oct 03, 2010 at 09:58:48AM +0200, Michał Górny wrote: > The current signing approach gives all the responsibility for Manifest > signature to the developer who committed last update to the ebuild > directory regardless of the actual commit significance. > > Consider the following: Dev A

Re: [gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-03 Thread Arun Raghavan
On 3 October 2010 13:28, Michał Górny wrote: > Hello, > > I would like to propose a new attempt at Manifest signatures. Instead > of using a single per-Manifest signature, we would keep separate > signatures for each of the files, as an additional (optional) hash > type. > > > Motivation > ---

[gentoo-dev] [enhancement proposal] Per-file Manifest GPG signatures

2010-10-03 Thread Michał Górny
Hello, I would like to propose a new attempt at Manifest signatures. Instead of using a single per-Manifest signature, we would keep separate signatures for each of the files, as an additional (optional) hash type. Motivation -- The current signing approach gives all the responsibility f