Peter Stirling wrote:
The problem is that if you have the old key available to you, then you
can create revisions that
will pass your test for 'earlier than <date>', regardless of when they
were actually signed.
Digital signatures only allow you to state unequivocally that data was
asserted by someone with
access to the key. It's up to the recipient to decide whether to trust
that assertion.
Your code is workable though, if you can find a repository which
hasn't yet been poisoned.
You need to be able to store both keys in the database at the same time.
As it is (unless this has been fixed recently), as keys are referenced
by the email address, you can't replace a key (that I know of) without
changing your email address too. If so, then that is a DoS attack on
your email address.
Keys should be referenced by keyid, similar to GnuPG.
Brian May
_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
