[darcs-devel] darcs patch: Save email description file if a send
fails
Erik Schnetter
schnetter at cct.lsu.edu
Mon Jan 16 06:46:39 PST 2006
On Jan 16, 2006, at 08:20:11, Juliusz Chroboczek wrote:
> So the tradeoff is:
>
> - illegally use Old PGP within an attachment, as we do, which makes
> the signature verifiable outside of the mailer, but not within it;
>
> - obey the rules and use PGP/MIME, which will make it impossible to
> verify the signature after the attachment is saved to disk.
>
> Does anyone see a good way out? For now, I'm closing the report as
> unfixable.
If the content of the attachment should be signed, then why not do
the following:
1. use GPG to sign the patch
2. attach the signed patch to an email
3. send it
4. save the attachment, which is a signed patch
5. check or discard the signature
This would not combine GPG and email in any way; signing the patch
would be an independent step outside however the patch is
transferred. In principle, one could replace 2..4 with uploading to
a web page, storing on an ftp server, or transmitting over an
untrusted ssh link (whatever that would be).
It may be advantageous if darcs, by itself, knew how to strip off and
ignore a signature, if it runs on a system where gpg is not available
to do that.
-erik
--
Erik Schnetter <schnetter at cct.lsu.edu>
My email is as private as my paper mail. I therefore support encrypting
and signing email messages. Get my PGP key from www.keyserver.net.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.osuosl.org/pipermail/darcs-devel/attachments/20060116/b3c45348/PGP.pgp
More information about the darcs-devel
mailing list