Ivan Markin:
> Yes, you're absolutely right about purpose of this comment.
> This patch doesn't stop signify(1) from embedding a comment string
> before signature. It just makes it possible to verify signatures even if
> there is no 'untrusted comment: ' string in them.
Sorry that it is not clear
Hi Marc,
Marc Espie:
> It is slightly warped: it says "untrusted comment" because it's outside
> of the signed area and shouldn't be taken at face value, BUT if you have
> the right public key, AND manage to validate the signature with it, then
> it means that it *was* the right key, so in
The comments are a necessary feature these days, actually.
It is slightly warped: it says "untrusted comment" because it's outside
of the signed area and shouldn't be taken at face value, BUT if you have
the right public key, AND manage to validate the signature with it, then
it means that it
Theo de Raadt:
> Ivan, you bothered to write the diff and reply quite a few times, but
> you waived all the concerns aside.
This was just my opinion on this. Nothing less, nothing more.
> Don't post diffs you don't want to defend.
Should I defend? I posted it because I want to share.
> You
> > > That is why you are trying to push changes into an established
> > > ecosystem, WITHOUT JUSTIFICATION. Your only justification was
> > > "because I want to do so".
> >
> > Read this thread carefully and you'll see that I don't *push* anything. I
> > don't consider one lonely patch on tech@
> > That is why you are trying to push changes into an established
> > ecosystem, WITHOUT JUSTIFICATION. Your only justification was
> > "because I want to do so".
>
> Read this thread carefully and you'll see that I don't *push* anything. I
> don't consider one lonely patch on tech@ as pushing.
Theo de Raadt:
> That is why you are trying to push changes into an established
> ecosystem, WITHOUT JUSTIFICATION. Your only justification was
> "because I want to do so".
Read this thread carefully and you'll see that I don't *push* anything. I
don't consider one lonely patch on tech@ as
> Theo de Raadt:
> > You'll break other people's compatibility without a thought.
> >
> > You only care about yourself.
> >
> > Yeah, that much is clear.
>
> Theo, your insults are pointless. But your concerns are not.
> I don't want to break anything. I think that if something is useful
> enough
Theo de Raadt:
> You'll break other people's compatibility without a thought.
>
> You only care about yourself.
>
> Yeah, that much is clear.
Theo, your insults are pointless. But your concerns are not.
I don't want to break anything. I think that if something is useful
enough for others one can
> Theo de Raadt:
> > You might not like it. But the ship sailed. It's too bad you didn't
> > invent this stuff.
>
> As I said, it's convenient for me. Maybe also for someone else. This is
> all I care about.
You'll break other people's compatibility without a thought.
You only care about
Theo de Raadt:
> You might not like it. But the ship sailed. It's too bad you didn't
> invent this stuff.
As I said, it's convenient for me. Maybe also for someone else. This is
all I care about.
--
Ivan Markin
> >> > Yeap, there is a problem with verifying uncommented signatures on
> >> > current signify(1). I don't care. And it's okay if someone does - I've
> >> > just put my two cents.
> > they don't need to be verified. They are informational.
>
> Okay, I meant signified files without a comment
> Theo de Raadt:
> >> > Yeap, there is a problem with verifying uncommented signatures on
> >> > current signify(1). I don't care. And it's okay if someone does - I've
> >> > just put my two cents.
> > they don't need to be verified. They are informational.
>
> Okay, I meant signified files
Theo de Raadt:
>> > Yeap, there is a problem with verifying uncommented signatures on
>> > current signify(1). I don't care. And it's okay if someone does - I've
>> > just put my two cents.
> they don't need to be verified. They are informational.
Okay, I meant signified files without a comment
> Theo de Raadt:
> > I've pointed out that people identify the purpose of the file in
> > various ways.
> > You wish to basically throw that out?
>
> All I say is that file(1) is unreliable by design.
You didn't continue reading. And you persist in not going back.
> > Well I don't see any need
Theo de Raadt:
> I've pointed out that people identify the purpose of the file in
> various ways.
> You wish to basically throw that out?
All I say is that file(1) is unreliable by design. And I don't think one
needs to care about it too much just because someone got used to it.
Personally I
Hi Theo,
Theo de Raadt:
> This seems misguided. We have a horrible program called "file", but
> in general people identify what a file is and what purpose it serves
> not just by the filename, but also by how it starts. The "untrusted
> comment" has become the way to identify a signify file.
Hi Ivan. Think I know who you are, and can guess why.
This seems misguided. We have a horrible program called "file", but
in general people identify what a file is and what purpose it serves
not just by the filename, but also by how it starts. The "untrusted
comment" has become the way to
At the moment signify(1) requires sigfiles to begin with 'untrusted
comment: '. Sometimes one wants to have no comments and just signature
itself.
Index: signify.c
===
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving