[ANN] autosign extension
Martin Geisler
mg at lazybytes.net
Thu May 14 14:44:20 CDT 2009
Lasse Kliemann <lasse-list-mercurial-2009 at mail.plastictree.net> writes:
> [... great analysis of trust considerations ...]
>
> Bottom line is: for now, it would in fact be easiest to let users
> specify separate keyrings. This should be configurable per repository.
> Users should then only put keys with correct user ID in that keyring,
> and we could use '--trust-model always' to spare users the '--lsign'
> business.
Sounds good -- we'll let the user specify something like

  [autosign]
  gpg.path = ~/bin/mygpg
  gpg.keyring = ~/.gnupg/my_hg_keyring.gpg
  gpg.flags = --trust-model always --default-key mg at lazybytes
  openssl.cert = ~/myfancycert
  openssl.flags = other flags

in a hgrc file. They can then do this in .hg/hgrc for per-repository
configuration and ~/.hgrc for global configuration. We can then easily
accommodate different programs by name-spacing the options.

I'm not so happy with the "autosign" name, it's not intuitive what it
means when you read it in a config file. Does anybody have a better
suggestion?
> I have a concrete idea how to include X509 with OpenSSL. I have to
> check out some things on the OpenSSL mailing list first. I'll present
> it here shortly.
Excellent.
--
Martin Geisler
VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multiparty Computation) to Python. See: http://viff.dk/.
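
Added example, not part of the original mail and not code from the extension: a sketch of how the proposed [autosign] section could be turned into a gpg verification command. The helper names and the key ID placeholder are assumptions, and so is the choice to pass --no-default-keyring, which keeps '--trust-model always' from also accepting keys in the user's default keyring.

```python
import configparser
import os
import shlex

# Constructed sample hgrc mirroring the [autosign] section sketched in the mail.
# The key ID is a placeholder, not a real key.
SAMPLE_HGRC = """\
[autosign]
gpg.path = ~/bin/mygpg
gpg.keyring = ~/.gnupg/my_hg_keyring.gpg
gpg.flags = --trust-model always --default-key 0xPLACEHOLDER
"""


def trust_always(flags):
    """True if the flag list selects gpg's 'always' trust model."""
    for i, flag in enumerate(flags):
        if flag == "--trust-model=always":
            return True
        if flag == "--trust-model" and flags[i + 1:i + 2] == ["always"]:
            return True
    return False


def gpg_verify_argv(hgrc_text, sigfile, datafile):
    """Build the argv for verifying a detached signature (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(hgrc_text)
    sec = cp["autosign"]
    flags = shlex.split(sec.get("gpg.flags", ""))
    keyring = sec.get("gpg.keyring")

    # With 'always', every key gpg can see counts as valid, so the set of
    # visible keys must be exactly the dedicated per-repository keyring.
    if trust_always(flags) and not keyring:
        raise ValueError("--trust-model always requires a dedicated gpg.keyring")

    argv = [os.path.expanduser(sec.get("gpg.path", "gpg"))]
    if keyring:
        # --keyring alone only adds a keyring; --no-default-keyring drops
        # the user's default one from the lookup.
        argv += ["--no-default-keyring", "--keyring", os.path.expanduser(keyring)]
    return argv + flags + ["--verify", sigfile, datafile]


if __name__ == "__main__":
    print(" ".join(gpg_verify_argv(SAMPLE_HGRC, "changeset.sig", "changeset.txt")))
```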