- 05 Oct, 2017 4 commits
-
-
Rubén Dávila authored
-
Rubén Dávila authored
-
Rubén Dávila authored
Additionally we're delegating missing method calls on GpgKeySubkey to GpgKey since most of the info required when verifying a signature is found on GpgKey which is the parent of GpgKeySubkey
-
Rubén Dávila authored
-
- 05 Sep, 2017 6 commits
-
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
this is used to make a difference between a committer email that belongs to user, where the user used a different email for the gpg key. this means that the user is the same, but a different, unverified email is used for the signature.
-
Alexis Reigel authored
the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails.
-
Alexis Reigel authored
we need the commit object for the updated verification that also checks the committer's email to match the gpg key and user's emails.
-
- 16 Aug, 2017 1 commit
-
-
Douwe Maan authored
-
- 27 Jul, 2017 12 commits
-
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
we introduced memoizing, so it's safe to call the method multiple times.
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
we need to store the keyid to be able to update the signature later in case the missing key is added later.
-
Alexis Reigel authored
as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now.
-
Alexis Reigel authored
-
Alexis Reigel authored
-
Alexis Reigel authored
we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation.
-