Re: signed summary file
- From: Colin Walters <walters verbum org>
- To: ostree-list gnome org
- Subject: Re: signed summary file
- Date: Tue, 05 May 2015 11:54:07 -0400
On Mon, May 4, 2015, at 05:13 PM, Matthew Barnes wrote:
I also don't have a strong opinion on the issue, but I'm still learning
the summary code. I think my question still stands on whether summary
extensions (currently unused) should be part of the signed content.
If we want to have static delta checksums covered, then they need to be.
The summary file honestly was a quick hack...in retrospect it should
have probably blocked on more design work. The original motivation
for attempting to add it quickly was to support MirrorManager/metalinks,
which didn't actually end up being deployed yet =/
So...I think I'm OK with adding a new `summary.sig`. It has the advantage
of sharing architecture with the commit signatures. At some point soon
I think I need to take an action item to write up some basic documentation
on the repository layout that we can fill in with things like this.
A minor downside is that it's another HTTP request, although we should
be able to do requests for `repo/summary` and `repo/summary.sig` in parallel.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]