Re: [Arx-users] Signature command set

[Kevin Smith]

On Thu, 2004-12-09 at 21:12 -0500, Walter Landry wrote:
> Kevin Smith <address@hidden> wrote:
> > * [IS THIS TRUE?] When a patch is pulled from a signed archive, all
> > signatures associated with that patch will also be pulled. Thus, a patch
> > may be signed by multiple keys. 
> 
> No, a patch may be signed by only one key.

So when I pull your patch into my archive, it remains signed by you, but
the resulting revision is signed by me?

> Also, you can sign a revision even if the archive does not have your
> public key.

This confuses me. I don't even know where to begin. Revision signatures
are only stored in an archive, right? (As opposed to popping out a
detached sig file that the user would save elsewhere).

What does it mean for the archive to have or not have a public key if it
doesn't control what can be signed?

> > It seems very weird to have this command also manage archive keys. I
> > think I would also be in favor of splitting out an archive-sig or
> > archive-key command. I know it's bad to have too many commands, but I
> > think it is worse to have unrelated features inside the same command.
> 
> I _really_ don't want to add another command, especially for something
> that a good fraction of people will never use.  45 commands is already
> large.

Hm. Well, I think the 45 can still be trimmed down, and I'm not sure
this is a place to economize. I'll think about it more.

> > The global/per-archive key thing is probably ok if the docs and help are
> > a bit clearer.
> 
> The docs can always be clearer ;) However, maybe we could also set it
> up so that you can have a different default key for each archive.  It
> could be something like "arx param archive-key/foo key".  Hmm.  I
> don't think that there are that many people who have multiple gpg
> keys.  Needs more thought.

That sounds like adding complexity, which I would resist.

> > It might be helpful to document the "single-user" case separately from
> > the case where multiple developers have write access. It seems to me
> > that a fair bit of complexity comes in the multi-user scenario, and as a
> > single-user user, I would like to know what I can ignore. I think
> > distributed RCS's shine in single-user mode, and it's almost always the
> > way I work, so it tends to be where I focus.
> 
> I am not quite sure what you mean by single-user.  For a person
> working alone, they can completely ignore signatures.  Checksums are a
> little interesting, but can usually be ignored.

By "single user", I mean that only one person has write access to an
archive. All group work is managed by pulling patches from other
readable archives, or emailing patches around. That seems like quite a
different situation than if multiple developers can all write directly
into the same physical archive. Or does ArX not even support the latter
model? Several of the features seemed oriented toward that approach.

I'm trying to understand why there would ever be multiple keys in an
archive. If it's my archive, and I'm vouching for it (as you have said),
then wouldn't my key be the only key?

Kevin