arx-users

Re: [Arx-users] register-archive and signing


From: Walter Landry
Subject: Re: [Arx-users] register-archive and signing
Date: Wed, 08 Dec 2004 20:29:00 -0500 (EST)

Kevin Smith <address@hidden> wrote:
> On Tue, 2004-12-07 at 22:38 -0500, Walter Landry wrote:
> > > If you specify both the name and location, then ArX will
> > > not download any public keys.  In that case, the archive will be treated
> > > as if it is not signed.
> > > ---
> > > 
> > > So would that really disable signature checking? Is that just a
> > > temporary state while you're working on the signing feature, or do you
> > > envision it staying that way as a "feature"? 
> > 
> > Maybe not.  I was a little worried about requiring people to have yet
> > another program (gpg) installed on their machine.  However, I can set
> > it up so that the only real trouble people without gpg will have is
> > that they will get lots of warnings when downloading stuff from signed
> > archives.
> > 
> > However, it will mean that you can't register an archive unless you
> > can connect to it.  Otherwise, you would not be able to get the public
> > keys.  I don't know if that is really a problem, since I can't think
> > of any reason to register an archive unless you want to see what it
> > has.
> 
> My main concern was that the signed-ness of an archive should not be
> determined implicitly. I guess I see now why it worked out that way, but
> I would prefer that it somehow fail, rather than quietly turning off
> signature checking.
> 
> I can imagine wanting to register an archive that is not currently
> accessible, but I don't think that is a critical feature. I think it
> would be reasonable to disable that ability, which would then solve my
> concern. 

I agree (arx.2.1,133).

> You could add an --unsigned option that would disable signature checking
> for an archive. If sig-checking is expected to be the norm, then I would
> like to see a check right then for gpg availability, and if it's not
> there, force the user to say --unsigned. If sig-checking is expected to
> be more of a side case, then you might automatically (with a warning)
> disable sig-checking for any archive that was registered when gpg was
> not available.

I think I would like to wait and see how signatures pan out before I
introduce such an option.  My guess is that the vast majority of users
will have gpg installed, and the vast majority of archives will not be
signed.  So that leaves us with the intersection of two minorities,
and the only thing they will suffer from is warnings when they get
revisions.

Or maybe not.  That is why I want to wait.

Walter




