[darcs-devel] GPG Encryption in send.
David Roundy
droundy at abridgegame.org
Wed May 19 03:32:52 PDT 2004
On Tue, May 18, 2004 at 09:06:36AM -0700, David Brown wrote:
> On Tue, May 18, 2004 at 05:49:48AM -0400, David Roundy wrote:
>
> > http://lists.gnupg.org/pipermail/gnupg-users/2004-March/022070.html
> >
> > I guess this is a feature of clearsigning, so hopefully encrypted
> > patches won't pose this problem, but it's worth checking carefully.
>
> Brilliant. That explains why you extract the patch from the original
> file. Encrypted patches shouldn't be a problem, but 'apply' is going to
> have to know which kind of patch it is dealing with.

Actually, one thing that is on my TODO list is adding support in apply for
decoding base64-encoded patches, which is similar in behavior. I imagine
one first looks for a patch bundle, and then if one doesn't find it, one
looks for a base64-encoded block, and if one doesn't find that, one looks
for an encrypted block. There's a similarity here... but it probably
requires a bit better-organized code than what there is currently. It
might be nice to extract the attachment (base64, encrypted, etc) in a
"darcs-independent" manner, although that would perhaps be a bit trickier
since it might be hard to figure out which attachment to extract.

> > I'd say you may as well add an optional public key (or key ID) to
> > _darcs/prefs, so if you "send" with no --target, darcs would check the
> > email address and gpg key, and if there is no gpg key, it would either warn
> > you that the patch won't be encrypted, or fail. The advantage of putting
> > the public key (in some sort of exported form) itself there is that then
> > you wouldn't be required to upload the key to the keyservers, since darcs
> > could import the public key to your keyring.
>
> Is there a way of putting the public key in the remote archive in such a
> way that darcs can get it? I'm not quite sure I follow what the code is
> doing there.
>
> In other words, what does darcs use as a default target, if none is
> specified? Looking at it, it looks like it just asks. Seems to me that
> it would be nice if the target, and possibly the key came from the
> remote archive, by default.

For the default target, darcs uses the contents of _darcs/prefs/email on
the remote repository, if it exists. Otherwise it asks. You can check out
the code in "who_to_email" within "decide_on_behavior" in Send.lhs.
Basically we just fetch and read the _darcs/prefs/email file.

For a public key to encrypt to, I'd tend to lean towards similar behavior.

--
David Roundy
http://www.abridgegame.org
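
The lookup order discussed in the message above (patch bundle, then base64-encoded block, then encrypted block), sketched as an added example that is not part of the original message and is not darcs code. The "New patches:" marker, the OpenPGP armor match, and the names `classify` and `_base64_runs` are assumptions made for illustration.

```python
import base64
import re

# Assumed markers, not taken from the thread: a bundle is recognised by a
# "New patches:" line, an encrypted block by OpenPGP ASCII armor.
BUNDLE_MARK = "New patches:"
PGP_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)
B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def _base64_runs(text):
    """Yield each run of consecutive base64-looking lines, joined together."""
    run = []
    for line in text.splitlines() + [""]:   # "" sentinel flushes the last run
        if B64_LINE.fullmatch(line.strip()):
            run.append(line.strip())
        elif run:
            yield "".join(run)
            run = []

def classify(body):
    """Return (kind, payload), trying bundle, then base64, then encrypted."""
    start = body.find(BUNDLE_MARK)
    if start != -1:
        return "bundle", body[start:]
    for run in _base64_runs(body):
        try:
            text = base64.b64decode(run, validate=True).decode("utf-8", "replace")
        except ValueError:                  # not valid base64 after all
            continue
        # An armor body is base64 too; requiring the marker keeps it out here.
        if BUNDLE_MARK in text:
            return "base64", text[text.find(BUNDLE_MARK):]
    armored = PGP_RE.search(body)
    if armored:
        return "encrypted", armored.group(0)   # left armored for gpg to decrypt
    return "none", ""

# Constructed sample mails (not real darcs output or real ciphertext).
PLAIN = "Hi,\n\nNew patches:\n\n[fix typo\nalice@example.org**20040519]\n"
ENCODED = "Content-Transfer-Encoding: base64\n\n" + base64.encodebytes(
    PLAIN.encode()).decode()
ENCRYPTED = ("-----BEGIN PGP MESSAGE-----\n\nhQEMA0NvbnN0cnVjdGVk\n"
             "U2FtcGxlQm9keQ==\n=AbCd\n-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for mail in (PLAIN, ENCODED, ENCRYPTED, "no patch here\n"):
        print(classify(mail)[0])
```

Returning the kind alongside the payload lets the caller know which sort of patch it is dealing with before it decides whether to accept it.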