Re: [PATCH 7/9] fsck: consider gpgsig headers expected in tags

["brian m. carlson" <sandals@crustytoothpaste.net>]

[-- Attachment #1: Type: text/plain, Size: 1291 bytes --]

On 2025-09-19 at 23:31:08, Junio C Hamano wrote:
> Could you wrap this overly long line?
> 
> 	if (buffer < buffer_end && 
> 	    (skip_prefix(buffer, "gpgsig ", &buffer) ||
> 	     skip_prefix(buffer, "gpgsig-sha256 ", &buffer))) {

Will fix in v2.

> Do we allow a tag object with both "gpgsig" and "gpgsig-sha256" or
> detect as an error?  I think the most natural way to extend this
> system in the future with a third hash function would be to still
> have the primary hash in the payload and signatures created with
> other compatibility hash functions on the header, so if we were to
> detect, the rule may be "gpgsig* in the headers ought to be unique
> and should not include the primary hash algorithm" plus "if you have
> gpgsig* in the header, the body must also have inline signature, and
> if you don't, the body must not", perhaps?

In v2, I'll make it such that `gpgsig` is allowed only when we're not
using SHA-1 and `gpgsig-sha256` is allowed only when we're not using
SHA-256.  It may be that we don't have a trailing signature, though,
since we might turn a SHA-1 tag (signed only with SHA-1) into a SHA-256
tag (which would have only a `gpgsig` header and no trailing SHA-256
signature).
-- 
brian m. carlson (they/them)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 262 bytes --]