From: Jan Hudec <bulb@ucw.cz>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: Sam Vilain <sam@vilain.net>, git@vger.kernel.org
Subject: Re: [RFC] Authenticate push via PGP signature, not SSH
Date: Mon, 28 Jan 2008 22:06:40 +0100 [thread overview]
Message-ID: <20080128210640.GC5788@efreet.light.src> (raw)
In-Reply-To: <20080128081258.GE24004@spearce.org>
[-- Attachment #1: Type: text/plain, Size: 1243 bytes --]
On Mon, Jan 28, 2008 at 03:12:58 -0500, Shawn O. Pearce wrote:
> Sam Vilain <sam@vilain.net> wrote:
> > This does force potential contributors to get PGP keys, and get them
> > signed - but that seems to me to be a reasonable barrier of entry and
> > may even help drive some PGP adoption.
>
> In many cases today such contributers would have been forced to get
> an SSH account on the server they want to push to. Getting an SSH
> account configured and a key installed may be more difficult than
> generating a PGP key pair and emailing in the public key.
Actually no. SSH key pair is good enough in current situation. In fact
it might be *better* than SSH account, because with SSH account, the user
either has or does not have write access, while with SSH key pair he is still
subject to limitations enforced by the receive-hook.
> Of course the PGP based system is nicer in that the administrator
> might get a public key that has been signed by others he trusts,
> and thus is more readily able to verify that the contributor is
> who they think it is.
That, however, is an advantage of PGP. Obviously, additional rules can still
be enforced by the receive-hook.
--
Jan 'Bulb' Hudec <bulb@ucw.cz>
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2008-01-28 21:07 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-28 4:12 [RFC] Authenticate push via PGP signature, not SSH Sam Vilain
2008-01-28 8:12 ` Shawn O. Pearce
2008-01-28 21:06 ` Jan Hudec [this message]
2008-01-28 21:58 ` Sam Vilain
2008-01-29 2:57 ` Shawn O. Pearce
2008-01-29 4:10 ` Shawn O. Pearce
2008-01-29 19:08 ` Pierre Habouzit
2008-01-30 4:22 ` Shawn O. Pearce
2008-01-30 5:55 ` Sam Vilain
2008-01-30 6:16 ` Shawn O. Pearce
2008-01-30 8:35 ` Pierre Habouzit
2008-01-30 20:22 ` Sam Vilain
2008-01-30 8:00 ` Johannes Sixt
2008-01-31 5:43 ` Shawn O. Pearce
2008-01-30 8:33 ` Pierre Habouzit
2008-01-31 4:30 ` Shawn O. Pearce
2008-01-31 9:25 ` Pierre Habouzit
2008-01-30 6:29 ` Sam Vilain
2008-01-30 7:47 ` Shawn O. Pearce
2008-01-31 1:18 ` Sam Vilain
2008-01-28 8:48 ` Pierre Habouzit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080128210640.GC5788@efreet.light.src \
--to=bulb@ucw.cz \
--cc=git@vger.kernel.org \
--cc=sam@vilain.net \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).