add a 'sign' command to sign checksums files #185
Specifically, localise package globals. Just in case we extend this in the future and forget to do so, and get hit by some very confusing errors.
This is another command that won't work with a remote repository. So we either need to make it work, or just tell users that remote repositories aren't supported (we can always add it later).
Good catch. Signing a local CHECKSUMS file for a remote repository does not
Well, I think you'd probably want the server to sign its checksum file with its own key. But we can figure that out later.
Ah yes, if the remote is running pintod, that could work. That will be an interesting rabbit hole to explore ;-)
add a 'sign' command to sign checksums files
Signing stacks is hard :-( I've thought a lot about this issue. To be compatible with other non-pinto
The only other workable alternative I could come up with was to maintain a
Kahlil (Kal) Hodgson GPG: C9A02289 Suite 1416
"All parts should go together without forcing. You must remember that
On 4 March 2015 at 03:16, Jeffrey Ryan Thalhammer notifications@github.com
Some questions came to mind as I was re-reading the code... What is the use case for a sign command? I mean, why would a human decide to sign (or maybe re-sign) distributions at any particular moment? Would it make more sense to just have a global
The use case I had in mind is described in https://github.com/tartansandal/Pinto/blob/audit-notes/lib/Pinto/Manual/Audit.pod. This is a pretty specific workflow. The case for the sign command, as opposed to a configuration option, is that you might want to delay re-signing a repository until you have your whole stack in place, or you may want to re-sign the repository after fixing an operation that crashed part way. I really think that the 'sign' command belongs with an 'audit' plugin where the use case and the proposed workflow can be explained in detail. My ideas on this are still very much in flux, and I've not had much time to think about them lately.
I see now (don't know why I didn't read that before).
I think that is the key (no pun intended). You want signing to be a deliberate and explicit administrative act. Not something that happens implicitly or accidentally. That makes sense. Also, I suppose you might want to re-sign because you've changed keys. But I'm not sure if that scenario actually happens in the wild.
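The three points above (localise the package globals, keep signing an explicit and re-runnable administrative act, and be able to re-sign after a crash or a key change) can be shown together in one script. This is an added example and not Pinto's own code or the code from this pull request. It assumes the repository uses the CPAN `authors/id/X/XY/AUTHOR/` layout and that signing goes through `CPAN::Checksums::updatedir`, whose `$SIGNING_KEY` and `$SIGNING_PROGRAM` package globals are taken here as the kind of globals the first comment asks to localise; `sign_repository`, `unsigned_checksums` and the `--force` option are this example's own names.

```perl
#!/usr/bin/env perl
# Added example (not Pinto's code): an explicit, re-runnable "sign" pass over a
# CPAN-layout repository. Assumes signing goes through CPAN::Checksums::updatedir
# and that its $SIGNING_KEY / $SIGNING_PROGRAM package globals are the globals
# being localised; sign_repository() and unsigned_checksums() are this example's own.
use strict;
use warnings;
use File::Spec;
use CPAN::Checksums qw(updatedir);

# Sign the CHECKSUMS file in every author directory (authors/id/X/XY/XYZ) under
# $repo_root with GPG key $key_id. Returns a hashref: dir => 1 (already current),
# 2 (rewritten and signed) or "error: ...".
sub sign_repository {
    my ($repo_root, $key_id, %opt) = @_;

    # Localise the package globals so the signing setup is scoped to this call
    # and cannot leak into any other CPAN::Checksums caller in the same process.
    local $CPAN::Checksums::SIGNING_KEY     = $key_id;
    local $CPAN::Checksums::SIGNING_PROGRAM =
        'gpg --batch --yes --clearsign --default-key ';  # module default plus --batch

    my %status;
    my @author_dirs = grep { -d }
        glob(File::Spec->catdir($repo_root, 'authors', 'id', '*', '*', '*'));

    for my $dir (@author_dirs) {
        my $ckfile = File::Spec->catfile($dir, 'CHECKSUMS');

        # updatedir() leaves a directory alone when the recorded checksums still
        # match its contents, so a key rotation does not by itself produce a new
        # signature. With force => 1 drop the stale file so it is regenerated.
        if ($opt{force} && -e $ckfile) {
            unless (unlink $ckfile) {
                $status{$dir} = "error: unlink $ckfile: $!";
                next;
            }
        }

        # updatedir dies if the signing program fails; trap it per directory so
        # one bad entry does not abort the pass, and report it instead.
        my $rc = eval { updatedir($dir) };
        $status{$dir} = defined $rc ? $rc : 'error: ' . ($@ || 'unknown');
    }
    return \%status;
}

# Post-check: every CHECKSUMS file must be a clearsigned message. This only
# detects missing signatures; verifying them is `gpg --verify CHECKSUMS`.
sub unsigned_checksums {
    my ($repo_root) = @_;
    my @unsigned;
    my $pattern = File::Spec->catfile($repo_root, 'authors', 'id', '*', '*', '*', 'CHECKSUMS');
    for my $ck (glob($pattern)) {
        open my $fh, '<', $ck or do { push @unsigned, $ck; next };
        my $first = <$fh>;
        close $fh;
        push @unsigned, $ck
            unless defined $first && $first =~ /^-----BEGIN PGP SIGNED MESSAGE-----/;
    }
    return @unsigned;
}

unless (caller) {
    my $force = grep { $_ eq '--force' } @ARGV;
    my ($root, $key) = grep { $_ ne '--force' } @ARGV;
    die "usage: $0 REPO_ROOT GPG_KEY_ID [--force]\n" unless $root && $key;

    my $status = sign_repository($root, $key, force => $force);
    printf "%-60s %s\n", $_, $status->{$_} for sort keys %$status;

    my @bad = unsigned_checksums($root);
    print "unsigned: $_\n" for @bad;
    exit(@bad ? 1 : 0);
}
```

Run it as `perl sign.pl /path/to/repo C9A02289` after a stack is in place, or again after a crashed operation; the pass is idempotent because `updatedir` returns 1 and touches nothing for directories whose checksums are still current. `--force` is what a key change needs, since unchanged contents would otherwise keep the old signature. With `--batch`, gpg must be able to reach the key without an interactive pinentry (an agent or a loopback pinentry), which is the usual constraint for unattended signing.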
So do you want to ship
Yeah, I think we should ship this separately. Need to find some spare time to think through all the various workflows more carefully.
Just checked and
Just a heads up that I've moved the signing code and the notes on auditing to https://github.com/tartansandal/Pinto-Action-Sign. Once I've cleaned things up and added some tests, I'll look to uploading this to PAUSE and maybe get some feedback from a wider audience.
Signs a whole repository. The beginnings of a process to build a web of trust.