monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] key management

From: Stephen Leake
Subject: Re: [Monotone-devel] key management
Date: Mon, 09 Aug 2010 19:59:09 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (windows-nt) 
Thomas Keller <address@hidden> writes:

> Am 07.08.2010 20:40, schrieb Stephen Leake:
>> Stephen Leake <address@hidden> writes:
>> 
>> I used the command names 'automate pubkey', 'automate dropkey', to match
>> the corresponding non-automate commands.
>> 
>> 'automate dropkey' drops the private key if present, as non-automate
>> does. I didn't see any reason to change the behavior.
>
> Ouch - that might not be a good idea. This would e.g. enable the
> deletion of the key which is used to authenticate the server, rendering
> a running monotone instance completely useless. We cannot even restrict
> the execution of this command by argument easily, ie. I don't want to
> tell server admins to expand their get_remote_automate_permitted() hook
> to specifically exclude the key id for this new command, this is way too
> harmful if forgotten.
>
> So please, either split the functionality in two commands
> (drop_public_key / drop_private_key) or disable key deletion over
> automate. In the former case we could at least give sensible hints for a
> server admin to disallow the drop_private_key command completely.

I changed 'automate dropkey' to 'automate drop_public_key'.

-- 
-- Stephe
reply via email to
[Prev in Thread] Current Thread [Next in Thread]