[ocaml-platform] OPAM: signing the repository

Thomas Gazagnaire thomas at gazagnaire.org
Mon Aug 10 15:36:32 BST 2015

Great proposal! I just have some minor comments:

- it would help to explain somewhere (and if possible early in the document) what does it mean to sign a file, i.e. adding a field "signature". The "Signed files and tags" explain part of the process, but without explicitly saying anything.

- also it was not totally clear to me at first read that the Linearity condition is a kind of "custom policy checking", where the custom policy is actually quite different of what the default TUF specification. i.e., the snapshot bot should know and apply a policy set by the repository maintainers (which can change over time).

Let me know if you need something special in ocaml-git (such as more support for annotated tags) to implement the proposal.


> On 8 Jun 2015, at 03:52, Louis Gesbert <louis.gesbert at ocamlpro.com> wrote:
> I just added an issue to track the needed improvements to the specification arising from the discussions here [1]. Please keep the discussion in the ML for now :) -- and thanks for the feedback!
> [1] https://github.com/ocaml/opam/issues/2182
> Louis
> _______________________________________________
> Platform mailing list
> Platform at lists.ocaml.org
> http://lists.ocaml.org/listinfo/platform

More information about the Platform mailing list