
Re: svn commit: r13872 - trunk

From: Max Bowsher <maxb_at_ukf.net>
Date: 2005-04-04 21:13:46 CEST

Justin Erenkrantz wrote:
> --On Sunday, April 3, 2005 9:10 PM +0100 Max Bowsher <maxb@ukf.net> wrote:
>
>> If you would like to make them saved to a file, I think that's a
>> reasonable change to dist.sh.
>
> I had suggested on IRC on Friday adding MD5 and SHA1 signature files and
> that was rejected by the #svn crowd.

I don't think we should have individual per-file ones - but how about a
single "subversion-x.y.z.checksums"?

>> I still think that it is inappropriate for our official distribution script
>> to be facilitating signing before test, whilst we have a policy of
>> signatures meaning "I have tested this".
>
> My perspective is that, by signing it at dist.sh time, the RM is saying that
> "This tarball is X.Y.Z and I created it." This allows the bootstrapping
> of the signature process by ensuring everyone that the RM has said this
> is my tarball.
>
> It would be possible (perhaps not likely?) for the RM to create the
> tarball and then immediately post the tarball to the mailing list. Yet,
> there needs to be some way to authenticate that the tarball is what the RM
> created. So, I think the intent of the RM's signature would be slightly
> different than a committer's signature because we need to ensure that it
> was what the RM created. -- justin

Ah, I see.

Ok, I'm convinced.

Max.

Received on Mon Apr 4 21:15:12 2005

This is an archived mail posted to the Subversion Dev mailing list.
