diff --git a/SPEC.md b/SPEC.md index fea584a..09ef7b2 100644 --- a/SPEC.md +++ b/SPEC.md @@ -64,7 +64,7 @@ access_controls: When a change commit (see Commits section) is being signed by a signifier there is an expected data format for the data to be signed. The format is a SHA-256 -hash of the following pieces of data concatenated together (the change hash): +hash of the following pieces of data concatenated together: * A uvarint indicating the number of bytes in the commit message. * The message. @@ -86,6 +86,19 @@ hash of the following pieces of data concatenated together (the change hash): The raw output from the SHA-256 is then prepended with a `0` byte (for forward compatibility). The result is the raw change hash. +# Comment Message Hash + +When a comment commit (see Commits section) is being signed by the signifier of +the author there is an expected data format for the data to be signed, very +similar to how change hashes are signed. The format is a SHA-256 hash of the +following pieces of data communicated together: + +* A uvarint indicating the number of bytes in the comment message. +* The message. + +The raw output from the SHA-256 is then prepended with a `0` byte (for forward +compatibility). The result is the raw comment hash. + # Credentials All file changes need to have some kind of credential to be accepted into the @@ -180,6 +193,7 @@ Example credential commit message: some_user_id pgp sig of commits AAA..BBB with key CCC --- +type: credential credentialed_hash: XXX credentials: - type: pgp_signature @@ -188,6 +202,37 @@ credentials: body: "base-64 signature body" ``` +## Comment Commits + +Commits of type `comment` contain a message for others to read. The commit +message head is not spec'd, but should be a human-readable description of "who +is commenting what". + +Example credential commit message: + +``` +some_user_id has commented: Hey all, how's it going? + +--- +type: comment + +# The message_hash is computed from the message, and reproduced here for +# forwards compatibility. See the Comment Message Hash section. +message_hash: XXX +message: > + Heay all, how's it going? + + Just wanted to pop by and say howdy. + +# credentials can contain a signature from the author of this comment's +# message_hash. +credentials: + - type: pgp_signature + account_id: some_user_id + pub_key_id: CCC + body: "base-64 signature body" +``` + # Branches dehub branches correspond 1-to-1 with branches in the underlying git repo. All