From kde-devel Wed May 26 00:11:46 2010
From: Michael Pyne
Date: Wed, 26 May 2010 00:11:46 +0000
To: kde-devel
Subject: Re: digital signatures for kde sources?
Message-Id: <201005252011.52588.mpyne () kde ! org>
X-MARC-Message: https://marc.info/?l=kde-devel&m=127483280427082

On Tuesday, May 25, 2010 19:45:01 Joanna Rutkowska wrote:
> >> or for the stable revisions in the SVN's stable/ branches?
> >
> > That doesn't even make any sense at all.
>
> Interesting opinion -- can you elaborate? Many (most?) version control
> systems allow to sign commits, e.g. git, mercurial, perhaps also SVN.
>
> Look at the Linux kernel -- every "release" commit is tagged and signed
> by Linus -- see e.g. this:

No, it's not an opinion, he's giving a technical fact regarding the source
control system we currently use, Subversion. AFAIK git was actually the first
popular source control system to allow cryptographic-strength code signing so
it's still a relatively new feature. git gets it almost for free just based on
the way Linus Torvalds designed the filesystem.

I'm not going to say that it *can't* be done efficiently in Subversion, but
I'm pretty sure it would be very difficult and as it stands Subversion doesn't
support code signing.

It would be possible to sign tagged branches or what not by doing svn export
and signing the tarball but as you've already noted we don't go that far.

Regards,
 - Michael Pyne
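
Added example, not part of the original message: a Python sketch of why one signature on a git tag covers the whole source tree, the property the reply attributes to git's design. The signed tag bytes name a commit id, which hashes the tree id, which hashes every file's blob id. File names, contents, identity and timestamp are constructed; SHA-1 is the object hash git used at the time.

```python
import hashlib

def git_object_id(kind, body):
    """Object id as git computes it: SHA-1 over '<kind> <len>\\0' + body."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files):
    """Flat tree of regular files: each entry is 'mode name\\0' + raw 20-byte blob id."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\x00" + blob
    return git_object_id("tree", body)

# Constructed identity and timestamp, fixed so the ids are reproducible.
WHO = "Example Dev <dev@example.org> 1274832706 +0000"

def commit_id(tree, parent, message):
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")  # history is chained by id as well
    lines += [f"author {WHO}", f"committer {WHO}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def tag_payload(commit, name):
    """Bytes a signed tag's signature is computed over (signature is appended after)."""
    return (f"object {commit}\ntype commit\ntag {name}\n"
            f"tagger {WHO}\n\nrelease {name}\n").encode()

def release_payloads():
    """Return the signed bytes for an honest v1.0 and for one with a tampered file."""
    v0 = {"README": b"hello\n", "main.c": b"int main(void) { return 0; }\n"}
    c1 = commit_id(tree_id(v0), None, "initial import")
    v1 = dict(v0, **{"main.c": b"int main(void) { return 1; }\n"})
    c2 = commit_id(tree_id(v1), c1, "change main.c")
    # Same history and message, but one byte added to README.
    tampered = dict(v1, README=b"hello!\n")
    c2_bad = commit_id(tree_id(tampered), c1, "change main.c")
    return tag_payload(c2, "v1.0"), tag_payload(c2_bad, "v1.0")

if __name__ == "__main__":
    good, bad = release_payloads()
    print(good.decode().splitlines()[0])
    print(bad.decode().splitlines()[0])
    print("signature over the first payload would not verify the second:", good != bad)
```

A signature is made over these few lines only, yet any change to a file or to earlier history changes the `object` line and invalidates it. The `svn export` route mentioned in the reply has no such chain, which is why it means signing the full tarball.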