On Jan 16, 2006, at 08:20:11, Juliusz Chroboczek wrote:
So the tradeoff is:- illegally use Old PGP within an attachment, as we do, which makes the signature verifiable outside of the mailer, but not within it; - obey the rules and use PGP/MIME, which will make it impossible to verify the signature after the attachment is saved to disk. Does anyone see a good way out? For now, I'm closing the report as unfixable.
If the content of the attachment should be signed, then why not do the following:
1. use GPG to sign the patch 2. attach the signed patch to an email 3. send it 4. save the attachment, which is a signed patch 5. check or discard the signatureThis would not combine GPG and email in any way; signing the patch would be an independent step outside however the patch is transferred. In principle, one could replace 2..4 with uploading to a web page, storing on an ftp server, or transmitting over an untrusted ssh link (whatever that would be).
It may be advantageous if darcs, by itself, knew how to strip off and ignore a signature, if it runs on a system where gpg is not available to do that.
-erik -- Erik Schnetter <[EMAIL PROTECTED]> My email is as private as my paper mail. I therefore support encrypting and signing email messages. Get my PGP key from www.keyserver.net.
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ darcs-devel mailing list [email protected] http://www.abridgegame.org/cgi-bin/mailman/listinfo/darcs-devel
