Posted to dev@subversion.apache.org by Max Bowsher <ma...@ukf.net> on 2005/04/03 10:50:56 UTC
Re: svn commit: r13872 - trunk
jerenkrantz@tigris.org wrote:
> Author: jerenkrantz
> Date: Sun Apr 3 00:27:08 2005
> New Revision: 13872
>
> Modified:
> trunk/dist.sh
> Log:
> Add in changes to dist.sh from r13838 that were not vetoed or likely
> not to cause a veto.
>
> * dist.sh:
> ...Add -sign option to use PGP/GPG if available;
Is signing supposed to assert "I have tested this"?
If so, shouldn't signing be a manual process?
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: svn commit: r13872 - trunk
Posted by Branko Čibej <br...@xbc.nu>.
Max Bowsher wrote:
> jerenkrantz@tigris.org wrote:
>
>> Author: jerenkrantz
>> Date: Sun Apr 3 00:27:08 2005
>> New Revision: 13872
>>
>> Modified:
>> trunk/dist.sh
>> Log:
>> Add in changes to dist.sh from r13838 that were not vetoed or likely
>> not to cause a veto.
>>
>> * dist.sh:
>> ...Add -sign option to use PGP/GPG if available;
>
>
> Is signing supposed to assert "I have tested this"?
Indeed it is.
> If so, shouldn't signing be a manual process?
Right. I think a -sign option is too much of a good thing.
-- Brane
Re: svn commit: r13872 - trunk
Posted by Max Bowsher <ma...@ukf.net>.
Justin Erenkrantz wrote:
> --On Sunday, April 3, 2005 9:10 PM +0100 Max Bowsher <ma...@ukf.net> wrote:
>
>> If you would like to make them saved to a file, I think that's a
>> reasonable change to dist.sh.
>
> I had suggested on IRC on Friday adding MD5 and SHA1 signature files and
> that was rejected by the #svn crowd.
I don't think we should have individual per file ones - but how about a
single "subversion-x.y.z.checksums"?
>> I still think that is inappropriate for our official distribution script
>> to be facilitating signing before test, whilst we have a policy of
>> signatures meaning "I have tested this".
>
> My perspective is that, by signing it at dist.sh time, the RM is saying that
> "This tarball is X.Y.Z and I created it." This allows the bootstrapping
> of the signature process by ensuring everyone that the RM has said this
> is my tarball.
>
> It would be possible (perhaps not likely?) for the RM to create the
> tarball and then immediately post the tarball to the mailing list. Yet,
> there needs to be some way to authenticate that the tarball is what the RM
> created. So, I think the intent of the RM's signature would be slightly
> different than a committers' signature because we need to ensure that it
> was what the RM created. -- justin
Ah, I see.
Ok, I'm convinced.
Max.
Re: svn commit: r13872 - trunk
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On Sunday, April 3, 2005 9:10 PM +0100 Max Bowsher <ma...@ukf.net> wrote:
> If you would like to make them saved to a file, I think that's a
> reasonable change to dist.sh.
I had suggested on IRC on Friday adding MD5 and SHA1 signature files and
that was rejected by the #svn crowd.
> Um, what? How is a tarball going to change without the conscious activity
> of the RM?
Corruption and so forth. As an RM, I was constantly copying the tarball
around to machines as I started the testing process. Therefore, I was
looking for a way to ensure that it is the tarball that I created.
A PGP signature is, IMO, the easiest way to ensure that it is what I
created.
> I still think that is inappropriate for our official distribution script
> to be facilitating signing before test, whilst we have a policy of
> signatures meaning "I have tested this".
My perspective is that, by signing it at dist.sh time, the RM is saying that
"This tarball is X.Y.Z and I created it." This allows the bootstrapping of
the signature process by ensuring everyone that the RM has said this is my
tarball.
It would be possible (perhaps not likely?) for the RM to create the tarball
and then immediately post the tarball to the mailing list. Yet, there
needs to be some way to authenticate that the tarball is what the RM
created. So, I think the intent of the RM's signature would be slightly
different than a committers' signature because we need to ensure that it
was what the RM created. -- justin
Re: svn commit: r13872 - trunk
Posted by Max Bowsher <ma...@ukf.net>.
Justin Erenkrantz wrote:
> --On Sunday, April 3, 2005 11:50 AM +0100 Max Bowsher <ma...@ukf.net>
> wrote:
>> Is signing supposed to assert "I have tested this"?
>> If so, shouldn't signing be a manual process?
>
> Well, it's an optional flag. Typically, the RM tests the release
> locally before posting it anywhere. Yet, I find signing the tarball
> at that initial stage is a good way to ensure that the tarball
> doesn't change once testing starts. The MD5 and sha1 sums aren't
> saved to a file, so there's no record of them except for being in the
> output of dist.sh.
If you would like to make them saved to a file, I think that's a reasonable
change to dist.sh.
> With the .asc file present, the RM can easily
> check the validity of the just created tarball. -- justin
Um, what? How is a tarball going to change without the conscious activity of
the RM?
I still think that is inappropriate for our official distribution script to
be facilitating signing before test, whilst we have a policy of signatures
meaning "I have tested this".
Max.
Re: svn commit: r13872 - trunk
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On Sunday, April 3, 2005 11:50 AM +0100 Max Bowsher <ma...@ukf.net> wrote:
> Is signing supposed to assert "I have tested this"?
> If so, shouldn't signing be a manual process?
Well, it's an optional flag. Typically, the RM tests the release locally
before posting it anywhere. Yet, I find signing the tarball at that initial
stage is a good way to ensure that the tarball doesn't change once testing
starts. The MD5 and sha1 sums aren't saved to a file, so there's no record of
them except for being in the output of dist.sh. With the .asc file present,
the RM can easily check the validity of the just created tarball. -- justin
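
The thread raises two related points: the sums printed by dist.sh are not saved anywhere, and a single "subversion-x.y.z.checksums" file is proposed in place of per-file ones. The sketch below is an added example, not code from dist.sh or from anyone in the thread; the function names and stand-in tarballs are hypothetical, and it uses SHA-256 where the thread mentions MD5 and SHA1.

```sh
#!/bin/sh
# Added example (not from dist.sh). Names are hypothetical; SHA-256 is this
# example's choice, where the thread mentions MD5 and SHA1.

# write_checksums DIR VERSION: list every subversion-VERSION.tar.* in DIR
# (signatures excluded) in DIR/subversion-VERSION.checksums, names relative.
write_checksums() (
    cd "$1" || exit 1
    out="subversion-$2.checksums"
    : > "$out.tmp" || exit 1
    for f in "subversion-$2".tar.*; do
        case $f in *.asc) continue ;; esac
        [ -f "$f" ] || continue
        sha256sum "$f" >> "$out.tmp" || exit 1
    done
    # Nothing recorded means nothing to verify later: fail, write no file.
    if [ ! -s "$out.tmp" ]; then
        rm -f "$out.tmp"
        echo "no tarballs found for $2" >&2
        exit 1
    fi
    mv "$out.tmp" "$out"
)

# verify_checksums DIR VERSION: re-hash the files listed in DIR's checksums
# file; non-zero exit if any listed file is missing or differs.
verify_checksums() (
    cd "$1" || exit 1
    sha256sum -c "subversion-$2.checksums"
)

# Constructed demo: stand-in tarballs, one clean copy, one damaged copy.
demo() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    mkdir "$work/build" "$work/testbox"
    printf 'constructed gz payload\n'  > "$work/build/subversion-x.y.z.tar.gz"
    printf 'constructed bz2 payload\n' > "$work/build/subversion-x.y.z.tar.bz2"
    write_checksums "$work/build" x.y.z || exit 1
    cp "$work/build"/subversion-x.y.z.* "$work/testbox/"
    verify_checksums "$work/testbox" x.y.z >/dev/null || exit 1  # clean copy
    printf 'X' >> "$work/testbox/subversion-x.y.z.tar.gz"         # damage it
    if verify_checksums "$work/testbox" x.y.z >/dev/null 2>&1; then
        exit 1  # damage went unnoticed
    fi
    echo "clean copy verified; damaged copy rejected"
)

demo
```

A checksums file on its own only shows that a copy matches what was hashed; tying the tarball to the RM is what the detached .asc signature discussed in the thread is for.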