Re: Feature proposal: artifact signing

From: Sam Thursfield <sam thursfield codethink co uk>
To: Tristan Van Berkom <tristan vanberkom codethink co uk>, buildstream-list gnome org
Subject: Re: Feature proposal: artifact signing
Date: Thu, 12 Oct 2017 10:28:40 +0100

On 12/10/17 08:01, Tristan Van Berkom wrote:

Finally, reading over your proposal in general (except for the part
where you want to dig into the intentionally abstract and hidden
details of how an artifact is stored) - You dont need BuildStream to
implement what you want.

All you need from buildstream really is some additional arguments to
the `bst checkout` command, allowing you to checkout a single artifact
addressed by it's cache key, and checkout the entire artifact instead
of just it's files/ subdirectory.

 From there on out, you can do all of the flexible out of band signing
and verification and throwing around of signatures that you want -
there is not really much point to involving BuildStream in this
activity unless it's well integrated.


I will think more on this -- perhaps you are correct.

Sam


--
Sam Thursfield, Codethink Ltd.
Office telephone: +44 161 236 5575

References:
- Feature proposal: artifact signing
  - From: Sam Thursfield
- Re: Feature proposal: artifact signing
  - From: Tristan Van Berkom

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]