[RFC] cryptographic signatures - compared to monotone?

Magnus Therning magnus at therning.org
Tue Feb 14 14:20:28 GMT 2006 

On Tue, Feb 14, 2006 at 06:53:41AM -0500, James Blackwell wrote:
>On Mon, Feb 13, 2006 at 09:00:26AM +0000, Magnus Therning wrote:
>> On Mon, Feb 13, 2006 at 07:50:15AM +0100, Jan Hudec wrote:
>> >On Sun, Feb 12, 2006 at 16:15:52 +0200, Jari Aalto wrote:
>> >> 
>> >> I've noticed that there are are many new exiting fetures proposed and
>> >> being discussed. Many new commands and options and the like.
>> >>
>> >> Perhaps the developers are already thinking about this, but I feel
>> >> that the design should take into account the cryptographic signatures
>> >> along with proposed new functionality.
>> >
>> >Alrady implemented. For quite some time IIRC.
>> >
>> >See http://wiki.bazaar.canonical.com/ConfiguringBzr for how to set it
>> >up.
>> 
>> How do I make a branch require signatures? (I.e. so that
>> "create_signatures=when-required" is triggered.)
>
>You can locally require the creation of signatures for any or all branches
>on your local machine. I am aware of no way to check the signatures that
>have been made.
>
> If you want all new commits to all branches you commit to be signed, then
> add the following option to ~/.bazaar/bazaar.conf (example):
>
>[DEFAULT]
>check_signatures=require
>
>
> If you want to sign all new commits for a specific branch then add this to
> the appropriate branch stanza in .bazaar/branches.conf:
>
>[/home/jblack/test]
>check_signatures=require
>
>
>No, this is not a typo. This is verified behaviour.
>            ~~~~~~~~~~

Ah, cool. Yes, that did work.

The next question then:

 A is a signed local branch, I push it to B. Why isn't the signature
 pushed?

>Use check_signatures if you wish to indicate you wish to make
>signatures when you commit. As far as I can tell the config option
>"create_signatures" does nothing. I'll leave it for someone else to
>define what the behaviour of this config option is.

It's all a bit confusing. I'd even consider it a bug (since I consider
anything that's confusing and/or surprising to be a bug :-)

>I have no idea why things are this way.  Lifeless and I spun in circles
>for about an hour because I just couldn't grok that he was trying to
>say that check_signatures is used to indicate 'sign my commits' and
>that create_signatures does nothing.
>
>I'll be happily update the http://bazaar.canonical.com/ConfiguringBzr to
>reflect current behaviours.

I think it should be fixed first. I think it'd be unfortunate if 0.8 is
released with the current signature support.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://therning.org/magnus

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

Time is a great teacher, but unfortunately it kills all its pupils.
     -- Hector Louis Berlioz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060214/2ce851f9/attachment.pgp

More information about the bazaar mailing list