On Thu, Jul 31, 2008 at 03:45:03PM -0400, James Carlson wrote: > Nicolas Williams writes: > > I proposed having one signature by the pkg submitter, and one by the > > publication service. The former vouching for the contents of the package > > while the latter would vouch for the dependency and other such analysis. > > Do you really mean at most two signatures?
No, rather, at least two signatures. > > > The easiest way to do this is to omit all signatures from the > > > hash; adding a new signature would then not invalidate previous ones. > > > > It might be useful to be able to include some signatures in the material > > signed by any one signature -- "nested signatures" --, as well as to > > omit some -- "parallel signatures." > > I don't understand the usage case for nested signatures (don't I just > care about the bits delivered?), but at least parallel signatures > ought to be offered. As I imagine it the publication service would sign the manifest and the signature of the manifest by the submitter. That would make it a nested signature.
