[darcs-devel] darcs patch: Save email description file if a send fails

[Erik Schnetter]

On Jan 16, 2006, at 08:20:11, Juliusz Chroboczek wrote:
> So the tradeoff is:
>
>   - illegally use Old PGP within an attachment, as we do, which makes
>     the signature verifiable outside of the mailer, but not within it;
>
>   - obey the rules and use PGP/MIME, which will make it impossible to
>     verify the signature after the attachment is saved to disk.
>
> Does anyone see a good way out?  For now, I'm closing the report as
> unfixable.

If the content of the attachment should be signed, then why not do  
the following:

1. use GPG to sign the patch
2. attach the signed patch to an email
3. send it
4. save the attachment, which is a signed patch
5. check or discard the signature

This would not combine GPG and email in any way; signing the patch  
would be an independent step outside however the patch is  
transferred.  In principle, one could replace 2..4 with uploading to  
a web page, storing on an ftp server, or transmitting over an  
untrusted ssh link (whatever that would be).

It may be advantageous if darcs, by itself, knew how to strip off and  
ignore a signature, if it runs on a system where gpg is not available  
to do that.

-erik

-- 
Erik Schnetter <schnetter at cct.lsu.edu>

My email is as private as my paper mail.  I therefore support encrypting
and signing email messages.  Get my PGP key from www.keyserver.net.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.osuosl.org/pipermail/darcs-devel/attachments/20060116/b3c45348/PGP.pgp