It may sound a little weird, but we could actually store the signature in the inode/filename. GPG signatures seem to be around 80 bytes of ASC, thats well below MAXPATH and should work even if your repository is somewhere/deep/in/your/filesystem/hierarchy. 1. Signed objects are named sha1-sig (sig is a 80 character signature here, not the three letters sig). 2. To make sure we can find objects without their signature, there is always a soft link sha1 -> sha1-sig (fsck can check this and create missing links). 3. To find a signature, just follow the link and look at the real name. 4. Files can be distributed without signature (content is unchanged) and you can sign them in your local tree with your own signature, effectively throwing my signature away. The only limitation is that each object can only be signed by one person. On the other hand, this might not be a limitation at all. If I create a file, I sign it. Nobody else. Same goes for trees and commits that I create. You can sign your own commit object when you merge my stuff, and then push that commit object out (along with your co-signature). Andreas On Mon, 25 Apr 2005, Fabian Franz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am Montag, 25. April 2005 03:50 schrieb Linus Torvalds: > > > Maybe we'll just have signed tags by doing exactly that: just a collection > > of detached signature files. The question becomes one of how to name such > > things in a distributed tree. That is the thing that using an object for > > them would have solved very naturally. > > What about just <sha1 hash of object>.sig or <sha1 hash of object>.asc? > > Or would this violate the concept of the object database to just contain > hashes? > > cu > > Fabian > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > > iD8DBQFCbFMsI0lSH7CXz7MRAof0AKCILjPE/M72cMSVNDC/DWYSzmrU/ACggOuS > ogNPwUf2ASAwmbwixzSTuPs= > =pW5D > -----END PGP SIGNATURE----- > > - > To unsubscribe from this list: send the line "unsubscribe git" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htmlReceived on Mon Apr 25 12:40:38 2005
This archive was generated by hypermail 2.1.8 : 2005-04-25 12:40:38 EST