1 |
Dnia 2013-06-22, o godz. 17:02:56 |
2 |
""Paweł Hajdan, Jr."" <phajdan.jr@g.o> napisał(a): |
3 |
|
4 |
> On 6/20/13 2:16 AM, Michał Górny wrote: |
5 |
> > Doing test signatures won't cover all failures. |
6 |
> |
7 |
> Do you know an example? The only one I'm aware of is when a test |
8 |
> signature is made very close to the expiration date, and then the real |
9 |
> signature would be done after it. |
10 |
|
11 |
Well, Michael explained one in the other branch of this thread quite |
12 |
thoroughly. Other than that, there can be random runtime errors |
13 |
and race conditions. |
14 |
|
15 |
I'd say it's as good as using stat() to check whether a file exists |
16 |
before opening it. But thinking of it, I've got another idea... |
17 |
|
18 |
How about opening 'gpg -s' in a subprocess before first commit |
19 |
and feeding the Manifest afterwards? As far as I can see, gpg asks for |
20 |
the password instantly, so likely most of the bases will be covered |
21 |
already, and we're be doing a single signature only. |
22 |
|
23 |
-- |
24 |
Best regards, |
25 |
Michał Górny |