On Wed, Mar 27, 2013 at 11:19:52AM -0700, Russ Allbery wrote:
> Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:
>
> > When i make cryptographic signatures, i consider it important that those
> > signatures can be successfully interpreted in a context-independent
> > manner. That is, if the same signature was presented in a new place, it
> > should not change its interpretation. The data being signed needs to
> > contain its own context explicitly and unambiguously. For example, i
> > would not sign an e-mail if the entire body was: "Yes, I think this is a
> > good idea." because the message could be trivially replayed in some
> > other e-mail conversation to imply my agreement with an idea that i
> > might not actually agree to.
>
> Just as a data point, whenever I tag a Git repository corresponding to a
> package upload to Debian, I include the entire *.changes file as the body
> of the signed tag message. I picked up this habit from Sam Hartman, and
> I'm quite fond of it. Not only does it achieve that context independence
> that you refer to, it also ties the repository tag together with the
> checksums of the exact packages that I built and uploaded to Debian based
> on that repository state.

That sounds ideal and I wanted to get around to implementing this for quite
some time. There are some patches pending that clean up the changelog
handling. I'll have a look into adding this after merging those.

Cheers,
 -- Guido
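
Added example, not part of the original thread or of any project's code: a sketch of how the practice described above can be checked afterwards, by reading the Checksums-Sha256 field of the *.changes text embedded in a tag message and comparing it with the built files. It assumes the tag signature has already been verified separately (for instance with `git tag -v`); the function names and the sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_sha256_entries(tag_message):
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in tag_message.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith((" ", "\t")):
            parts = line.split()
            if len(parts) == 3:  # "<sha256> <size> <filename>"
                entries[parts[2]] = (parts[0].lower(), int(parts[1]))
        else:
            in_field = False  # any other field ends the checksum list
    return entries


def verify_artifacts(tag_message, directory):
    """Map each listed file to ok / missing / size-mismatch / hash-mismatch."""
    results = {}
    for name, (digest, size) in parse_sha256_entries(tag_message).items():
        path = Path(directory, name)
        if Path(name).name != name:  # no path components: stay in directory
            results[name] = "bad-name"
        elif not path.is_file():
            results[name] = "missing"
        else:
            data = path.read_bytes()
            if len(data) != size:
                results[name] = "size-mismatch"
            elif hashlib.sha256(data).hexdigest() != digest:
                results[name] = "hash-mismatch"
            else:
                results[name] = "ok"
    return results


def demo():  # constructed sample: one intact file, one altered after tagging
    good, other = b"constructed .dsc contents\n", b"constructed .deb contents\n"
    message = "Format: 1.8\nSource: hello\nChecksums-Sha256:\n"
    for name, data in (("hello_1.0-1.dsc", good), ("hello_1.0-1_amd64.deb", other)):
        message += " %s %d %s\n" % (hashlib.sha256(data).hexdigest(), len(data), name)
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "hello_1.0-1.dsc").write_bytes(good)
        Path(tmp, "hello_1.0-1_amd64.deb").write_bytes(other[:-1] + b"!")
        return verify_artifacts(message, tmp)
```

Because the checksums sit inside the signed tag body, a mismatch reported here means the files at hand are not the ones the signer built from that repository state.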