Mark D. Baushke wrote:

> > Hrm. Perhaps the best solution would still be just to use the
> > commitid? If we ever find a system where both time() and /dev/urandom
> > are broken, then we can worry about using a counter as described above
> > as a fallback?
>
> I would actually suggest that if time() is broken on the server, that
> using gpg should just be disabled as it will never be possible to
> validate a signature in that case.

It would not be possible for the server to validate the signature, but a client still could. In the implementation we've been discussing, the server need not be configured to validate signatures.

Of course, a server that can't put timestamps in the CVS archives is arguably broken anyhow and perhaps not a reasonable porting target? Of course, such a server might still work otherwise. I haven't heard of anybody doing this but that doesn't mean it isn't being done. Again, though, I think this case may almost certainly be safely ignored until we see bug reports about it.

Summary of my current conclusion: Stick with commitid as currently implemented for use as the sequence identifier with signed-commits: NOW + 8 RANDOM BYTES, converted to base 62.

Regards,

Derek

--
Derek R. Price
CVS Solutions Architect
Ximbiot <http://ximbiot.com>
v: +1 717.579.6168
f: +1 717.234.3125

_______________________________________________
Bug-cvs mailing list
http://lists.nongnu.org/mailman/listinfo/bug-cvs
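The identifier summarized in the message above (current time plus 8 random bytes, converted to base 62), as an added example that is not part of the thread and is not the CVS source. The 16-byte big-endian layout, the alphabet order, and the names `base62_encode` and `make_commit_id` are assumptions; failure of either input is reported to the caller rather than papered over.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define RAW_LEN 16   /* assumed layout: 8-byte timestamp + 8 random bytes */
#define ID_MAX  23   /* 2^128 < 62^22, so 22 digits plus NUL always fit */
static const char B62[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Encode raw[0..n), read as a big-endian integer, in base 62 (long division). */
size_t base62_encode(const unsigned char *raw, size_t n, char *out) {
    unsigned char num[RAW_LEN];
    char tmp[ID_MAX];
    size_t len = 0, i;
    int nonzero = 1;
    if (n == 0 || n > RAW_LEN) return 0;
    memcpy(num, raw, n);
    while (nonzero) {
        unsigned rem = 0;
        for (nonzero = 0, i = 0; i < n; i++) {
            unsigned cur = rem * 256 + num[i];
            num[i] = (unsigned char)(cur / 62);
            rem = cur % 62;
            nonzero |= num[i];
        }
        tmp[len++] = B62[rem];   /* least significant digit first */
    }
    for (i = 0; i < len; i++) out[i] = tmp[len - 1 - i];
    out[len] = '\0';
    return len;
}

/* 0 on success; -1 if the clock or random source is unusable (caller decides). */
int make_commit_id(time_t now, const char *rand_path, char *out) {
    unsigned char raw[RAW_LEN];
    FILE *fp;
    size_t got, i;
    if (now == (time_t)-1) return -1;            /* time() reported failure */
    for (i = 0; i < 8; i++)
        raw[i] = (unsigned char)((unsigned long long)now >> (56 - 8 * i));
    if ((fp = fopen(rand_path, "rb")) == NULL) return -1;
    got = fread(raw + 8, 1, 8, fp);              /* 8 random bytes */
    fclose(fp);
    return (got == 8 && base62_encode(raw, RAW_LEN, out)) ? 0 : -1;
}

int main(void) {
    char id[ID_MAX];
    return make_commit_id(time(NULL), "/dev/urandom", id) || puts(id) < 0;
}
```

With this layout the timestamp occupies the high-order digits, so identifiers created in the same second share a prefix and differ only in the digits contributed by the random bytes.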
