Improving support for signed revisions
Lasse Kliemann
lasse-list-mercurial-2009 at mail.plastictree.net
Mon May 11 05:35:30 CDT 2009
* Message by -Arne Babenhauserheide- from Sun 2009-05-10:
> On Wednesday 06 May 2009 22:52:28 Lasse Kliemann wrote:
>
> >> I can picture it as follows:
> >>
> >> * On every commit to the changelog, sign the text, then append the
> >> sig as a new extra value to the text, then commit this new text. So
> >> you're not signing the final hash as the other extension does, but the
> >> actual changelog text (which includes the user name and the _manifest_
> >> hash).
> >> * On verify (and wherever else you want it), check the sig against
> >> the text minus the sig.
> >
> > That sounds right like it, yes.
>
> It wouldn't ensure the data, though.
>
> I could just grab the signed text and use it to do another commit which will
> then appear to have been done by the original committer.
I had assumed that was impossible since the manifest hash was
also signed (see above). Maybe I'm wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://selenic.com/pipermail/mercurial/attachments/20090511/9cdf0283/attachment.pgp
More information about the Mercurial
mailing list