On Sat, Feb 04, 2006 at 01:33:45AM -0500, Daniel Carrera wrote: > Jamie Webb wrote: > >Alternatively, you could require that the patch is signed with a > >recognised GPG key (since both signing and verification are built into > >Darcs), though that would mean that authentication is delayed until > >the patch bundle has already been uploaded. > > How do you get Darcs to *verify* the GPG signature?
Darcs apply has a --verify option. > Is it also possible to go > back to a patch from 3 years ago and re-verify its signature? I don't think so. I think it's the patch bundle that is signed, not the patches, and so the signature is discarded once the patches are applied. ISTR some discussion a while back about adding the ability to sign inventories and the like, which was necessary to provide end-to-end accountability, but I didn't follow too closely. -- Jamie Webb _______________________________________________ darcs-users mailing list [email protected] http://www.abridgegame.org/mailman/listinfo/darcs-users
