[ocaml-platform] OPAM: signing the repository
dwws2 at cam.ac.uk
Fri Jun 5 11:47:37 BST 2015
On 06/05/2015 10:59 AM, Hannes Mehnert wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA384
> Hi all,
> After a couple months of research and discussions between Louis
> Gesbert and myself, the proposal for a secured OPAM repository
> (featuring both end-to-end signing, and repository signing), is ready
> for a wider review.
Wow! This is really nice work.
I have a few questions:
1. In your linearity invariants, you say that no key may be removed (1)
which seems sensible even if inviting a lot of cruft eventually. Then,
you say that keys can only be modified with a signature (5) and, as a
special exception, removal of a developer key (exception 2) is allowed.
What happens when these events occur? Do things get re-signed? Do
clients have to traverse the repo history to extract old keys to verify
2. Are the default opam root keys compiled into the binary or on-disk? I
interpreted it both ways from a couple of mentions throughout the doc.
3. How will the uniqueness and time-limitedness of the initial-bootstrap
key be enforced?
4. Where are RM keys stored in the repo? in keys/dev? keys/root seems to
contain a list of the keyid/algo/key triples for RMs but there is a
keyid uniqueness condition...? Could you clarify the distinction between
a keyid and an author id (user at host)?
5. Can the dev (and RM) identities be designed for extensibility? It
reads like the key files will just contain a list of key triples right
now. Could these files contain a single field, e.g. "keys", so that
others could be added later? Specifically, I would like to attest to my
GitHub user id so the signatures in the repo can be used by bots to
authorize simple actions performed by my GitHub user (e.g. rebuild this PR).
Overall, it looks very well thought out! Thanks for putting in so much
effort to get us this far. I'm very optimistic about this system, now.
> The result has just been posted at
> This thread is intended as the official channel for comments and
> discussion on the proposal above.
> Louis Gesbert and Hannes Mehnert
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> -----END PGP SIGNATURE-----
> Platform mailing list
> Platform at lists.ocaml.org
More information about the Platform