[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [jgit-dev] Tag Signing?
- From: Matthias Sohn <matthias.sohn@xxxxxxxxxxxxxx>
- Date: Wed, 25 May 2011 15:09:20 +0200
- Delivered-to: email@example.com
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=JlxbeCAyLLCC8bymFLQ9j5lSN4x/dCqskDFgqarHQ4w01sa2TY8matel5zj71Qf+Ia 5dCGt63tGg9QeWUR0SWqkLWSZNlPeWDtjwfUtHhLDpS+tYZfyiUGQKZNGt8y37NPX8O9 cUoV5TcP8/50H6W1693tNPSgSGiO6AcJ3kEpI=
2011/5/25 Nick Palmer <nick@xxxxxxxxxxxxx>:
> Hey All,
> Looking at the TagCommand I see that signing is not yet supported.
> Are there plans to add (possibly optional) support for this, or are you trying to avoid the dependency?
> Integration with Bouncy Castle's OpenGPG implementation should do the trick provided options are carefully chosen to match GnuPG. I would consider contributing patches if this is something that would be considered desirable.
We have a pending CQ for Bouncy Castle , if we get approval to use that
we should go this path. We would be happy to see your contributions on
this topic. As long as the CQ isn't approved we can't submit a bouncy castle
Another possibility would be to enable use of an external GPG implementation
by forking another process similar to what we have to enable using an
external SSH implementation (see jgit commit 22e720ce).