commitsigs: Signatures in all changesets

[Martin Geisler]

Hi guys,

I want to revive my old commitsigs extension:

  http://bitbucket.org/mg/commitsigs

I've just tested it and it works with Mercurial 1.3 and later.

Right now it only knows how to call GnuPG -- I want to make it
expendable so that we can call OpenSSL to use X509 certificates and
other programs as appropriate.

My plan is to have a dict with signing and verification algorithms:


  algorighsm = {'gnupg': (signgpg, verifygpg),
                'openssl' (signopenssl, verifyopenssl),
                ...
               }

and then put the type in the extra dict along with the signature.

Do we need more data to be able to verify the signatures? Perhaps we
should make room for more arguments in the little format we're
designing, something like:

  type:hex(signature):arg1:arg2...

where the verification functions will be given arg1, arg2, ... as
additional string arguments. We could also detect this format change
later by counting the number of colons.

I would love to hear your ideas about this now so that we can have a
stable format from the beginning.

-- 
Martin Geisler

aragost Trifork
Professional Mercurial support
http://aragost.com/mercurial/