arx-users

[Arx-users] Playing with sig command


From: Kevin Smith
Subject: [Arx-users] Playing with sig command
Date: Sat, 11 Dec 2004 19:57:44 -0500

Well, I added a key to my existing archive, and then tried to sign the
archive contents. The key was added (it now shows up when I do an arx
archives), but I can't tell whether I successfully signed this branch or
not:

address@hidden bash-complete $ arx sig --add address@hidden/arx
address@hidden bash-complete $ arx sig address@hidden/arx
address@hidden bash-complete $ arx sig address@hidden
address@hidden bash-complete $ arx sig address@hidden/eifi
address@hidden bash-complete $ arx browse
address@hidden
  arx
    kevins
      0 .. 1

Did the --add work? Can't tell. Note that eifi is not a valid branch
inside the archive. The sig verify should print success or failure. Oh,
I just realized that the --add must not have worked, because it never
asked me for my password :-( Ah. I should have said /arx.kevins.

Doh! That asks me for my password for EACH patch. It doesn't tell me how
many patches I'm going to have to sign, and it doesn't even tell me
which patch I am being prompted for. The doc needs to warn about that,
and strongly suggest that you'll want to use a key agent if you're
signing an existing archive.

Of course, since quintuple agent is installed but not yet working on my
machine (for unknown reasons), I now have an invalid archive, where a
key is specified, but only a couple patches are signed. Not good.

Also, you should be able to sign an entire archive, rather than just a
branch. That's what you want to do when you have an existing archive.

On a different note, it is still unclear to me why the option even
exists to sign individual branches or patches. At a minimum, the manual
should strongly discourage that. Ideally, it would be impossible (or at
least difficult) to sign anything less than an entire archive, since
doing so will cause the archive to be invalid.

Ah. I guess it would be if a few patches were signed by a key that has
recently been deleted. Seems like it would be better to handle that as
part of the delete process, so things never become invalid. The act of
deleting a key could automatically sign the now-orphaned items with a
key you specify.

If signing individual patches really is a necessary feature, it should
be shoved way in the back where normal folks won't get confused by it. 

Is wlandry signed? As of the last time I registered it, it was not. Are
you waiting for the feature to stabilize first?

Cheers,

Kevin





