Re: GPG Commit Signing Project

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2020-06-12 at 01:55:56, dwh@xxxxxxxxxxxxxxxxxxx wrote:
> I now think even that proposal is overly complicated. I think the
> easiest solution is to simply standardize the existing pipe-fork
> interface as the way GPG talks to all signing tools. For signing tools
> that have different command line interfaces than GPG, we can create
> adapter scripts. Tools that want to be compatible can adapt.

This becomes pretty tricky because Git parses OpenPGP headers in a
variety of places (e.g., at the end of tags).  If your proposal is to
wrap new formats in a fake OpenPGP format, like some existing tools do,
then that would be viable, but otherwise you're going to require either
Git to know about your signing format specifically (which is not a
sustainable approach) or some sort of configuration framework like has
been previously discussed.

If you're going to wrap things in a fake OpenPGP format, then you don't
actually need to send any patches to Git at all; you can simply set
gpg.program and continue.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux