[Open-collaboration-services] [REQUEST] Extend API to support gpg signature
Frederik Gladhorn
gladhorn at kde.org
Wed Jul 28 21:13:44 CEST 2010
On Wednesday 28 July 2010 10:43:42 Frank Karlitschek wrote:
> On 27.07.2010, at 09:27, Frederik Gladhorn wrote:
> > On Monday 26 July 2010 22:54:29 Frank Karlitschek wrote:
> >> On 26.07.2010, at 22:10, Frederik Gladhorn wrote:
> >>> Sounds pretty good to me. Signatures are about 200 byte if I'm not
> >>> mistaken. I would almost favor to inline them in the content/get
> >>> request, so we don't need to make a separate call. Any reason not to?
> >>
> >> I agree. It´s funny, we discussed adding a similar signature field 3
> >> weeks ago at Akademy and it is already in the OCS 1.6 draft
> >> http://www.freedesktop.org/wiki/Specifications/open-collaboration-servic
> >> es -draft
> >>
> >>
> >> What do you think? Is this what you need?
> >
> > Funny, it must have slipped my mind, or I missed that part of the
> > discussion (Akademy was total communications overload ;)).
> > Anyway, the stuff currently in the spec is a gpg fingerprint, what would
> > one do with that? I don't get it. Should the package itself be signed
> > then with this key?
> >
> > Diego's gpg-aa signing approach allows verification where the download
> > comes from, even if the server has been compromised. But only on the
> > assumption that the user has the key/is part of the web of trust ...
> >
> > Do we want/need both?
> >
> > Cheers
> > Frederik
>
> Sorry. It seams that I´m not awake yet. :-) I don´t get it.
>
> Which fields do we need and where?
>
> Can you give me an example perhaps?
Diego, can you explain in more detail?
gpg fingerprint: id of a gpg key
gpg aa signature: signature of one file
(see the previous mails on this list for examples)
>
> Thanks :-)
>
> Cheers
> Frank
>
> > _______________________________________________
> > Open-collaboration-services mailing list
> > Open-collaboration-services at kde.org
> > https://mail.kde.org/mailman/listinfo/open-collaboration-services
>
> --
> Frank Karlitschek
> karlitschek at kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://mail.kde.org/pipermail/open-collaboration-services/attachments/20100728/e72b347f/attachment.sig
More information about the Open-collaboration-services
mailing list