Improving support for signed revisions
Lasse Kliemann
lasse-list-mercurial-2009 at mail.plastictree.net
Wed May 6 15:52:28 CDT 2009
* Message by -Peter Arrenbrecht- from Wed 2009-05-06:
> > Any suggestions? Any plans to improve the GPG support in
> > Mercurial in the near future? I'd be happy to participate in a
> > design discussion.
>
> This sounds like you'd want a different extension, which operates
> automatically on every commit.
Yes, it looks like what I want is not what the GPG extension
was intended for. For instance, the explicit signing of revisions
allows that the person signing the revision is not its committer.
> I can picture it as follows:
>
> * On every commit to the changelog, sign the text, then append the
> sig as a new extra value to the text, then commit this new text. So
> you're not signing the final hash as the other extension does, but the
> actual changelog text (which includes the user name and the _manifest_
> hash).
> * On verify (and wherever else you want it), check the sig against
> the text minus the sig.
That sounds right like it, yes.
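The sign-then-embed scheme sketched in the quoted message, as an added example that is not part of the original thread or of Mercurial's code. It assumes a simplified changelog text layout and a hypothetical extra key `sig`, and uses an HMAC as a stand-in for the GPG signature so it runs without a keyring.

```python
import base64, hashlib, hmac

SIG_KEY = "sig"  # hypothetical name of the extra field that carries the signature

def serialize(entry):
    """Deterministic changelog-like text (simplified layout, not Mercurial's exact encoding)."""
    extra = "\0".join(f"{k}:{v}" for k, v in sorted(entry["extra"].items()))
    date_line = entry["date"] + (" " + extra if extra else "")
    head = [entry["manifest"], entry["user"], date_line]
    return "\n".join(head + sorted(entry["files"]) + ["", entry["desc"]]).encode()

def without_sig(entry):
    """The entry as it looked before the signature was appended."""
    extra = {k: v for k, v in entry["extra"].items() if k != SIG_KEY}
    return {**entry, "extra": extra}

def make_sig(text, key):
    # Stand-in for a GPG detached signature over `text` (assumption for this example).
    return base64.b64encode(hmac.new(key, text, hashlib.sha256).digest()).decode()

def sign_entry(entry, key):
    """Sign the text minus any sig, then store the sig as a new extra value."""
    unsigned = without_sig(entry)
    sig = make_sig(serialize(unsigned), key)
    return {**unsigned, "extra": {**unsigned["extra"], SIG_KEY: sig}}

def verify_entry(entry, key):
    """Check the sig against the text minus the sig; unsigned entries fail."""
    sig = entry["extra"].get(SIG_KEY)
    if sig is None:
        return False
    expected = make_sig(serialize(without_sig(entry)), key)
    return hmac.compare_digest(sig, expected)

def text_hash(entry):
    # Simplified: the real revision hash also covers the parent hashes.
    return hashlib.sha1(serialize(entry)).hexdigest()

# Constructed sample data.
KEY = b"constructed-demo-key"
ENTRY = {"manifest": "a" * 40, "user": "Alice <alice@example.org>",
         "date": "1241643148 18000", "extra": {"branch": "default"},
         "files": ["README"], "desc": "fix typo"}
SIGNED = sign_entry(ENTRY, KEY)
```

Because the signature is stored inside the committed text, the signed entry hashes differently from the unsigned one, while the signature itself covers the user name and manifest hash.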