Date: Fri, 18 Sep 2020 11:29:45 +0000 From: Glen Barber <gjb@freebsd.org> To: grarpamp <grarpamp@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: 12.2R Sigs Message-ID: <20200918112945.GJ26726@FreeBSD.org> In-Reply-To: <CAD2Ti28c74jVbt2u9X1M7GHf%2B4d4YuZAQbDTg8rftBFNQZjpGQ@mail.gmail.com> References: <CAD2Ti2-YFpWp3-Ctc%2BraDhrW=4GQ0oQvX2Uau9QHrxU3yTS-ag@mail.gmail.com> <20200917204102.GG26726@FreeBSD.org> <CAD2Ti2_ewtpH5wiZZKB=p%2B2u2%2BUpRGuD%2BtpF55NDP%2BFuNU8XrA@mail.gmail.com> <20200918001257.GI26726@FreeBSD.org> <CAD2Ti28c74jVbt2u9X1M7GHf%2B4d4YuZAQbDTg8rftBFNQZjpGQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--VIOdPewhitSMo36n Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 17, 2020 at 09:09:26PM -0400, grarpamp wrote: > >> > And there is the PGP-signed email to stable@ that contains > >> > them. > >> > >> Future noting that lists do not support foreknown path schemes > >> for that data. Whereas repo, website and dataset locations are more > >> predictable and programmatic... allowing fetching, validation, etc. > > > > And for RC builds, they are predictable and programmatic. >=20 > Users would have to get and search the entire lists content to > find such sig posts, unfortunately no there are no nice predicted > paths to such single emails supporting simple fetch of associated > sig infos, ie: no schema <service>://<path_to_data>/13.x/<foo>.asc >=20 > Mail are not, it can't... ie: it has no hier, path, file globbing regex *= , etc. >=20 > The website and distribution methods mentioned earlier are > possible. (Now just for RC and RELEASE, as clarified in thread.) >=20 > Website has them in nice paths today, >=20 > individually... > https://www.freebsd.org/releases/12.1R/signatures.html >=20 > and in bulk... > https://www.freebsd.org/releases/12.1R/announce.asc >=20 > but they are not present in what should be their natural > cohabitation set within the other distribution methods, > such as the case of https / ftp / rsync / torrent / etc for... > https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.1/ >=20 > > I am not on postmaster. >=20 > What that mean in context? > Only some volunteer for that role, as any other, > it's ok not to be in two or more of them. Sorry, something you said was misinterpreted by me, and I was answering something that I thought you had asked, but had not. So it is a bit difficult for me to explain what I meant with this part of my reply. In any case, after the doc tree is tagged (which is included on the installation medium for reproducibility), RC1 and subsequent RCs and the final RELEASE build will be programmatically fetchable. The announce.asc file is only created for the final RELEASE build, however. Glen --VIOdPewhitSMo36n Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAl9kmiMACgkQAxRYpUeP 4pPSWxAAjrQWg+vjq7B4XoOQAqmPLorAFer0oZAhKT79P8R9TcWKWFcyckAkEcRH vv9D0axY0uuNvRoMZR7QUCxtuB+snshmrvT5GQ3hnnzTe20wRAUVwlZPSJLEwmOf ljLplk94LpZMyW4N1Kb8dTY004Xl+XR7kRLtpnHsww0DJAxJPgBb48shvbMv6eGB Vj8KR3HVLojUw9DinIyGffRoJEzOORgLusPlBvSOojRurIgX/Wtbol61I8NHwsi9 P4PKiwxuDhaH1X4J6mOGF3CLYNcOXjFZPnLaOrBVKXQbrJpkIOne9kFGatrJ4lQG m5Qd9ll+yvsShEDVxKjBytaIlnaka77G0ezpX6sA3Fnid0NwGu7dsJWbtSx2AF80 N5vnll9znDBo0QUQjdQxKkK4t1HcAYfpefJqcLrotBbwmB+VkflsxS/etwGlFsSV 5JsH+y+UGxqM6FxWqr+p/R40nkQAh2tmtBPmkA36v0laURJ1KWzmV2nn9vcWi91C IUB1atZjfX+JmmBsKE3qlxBUOjkJf/cjTcbUS5D8re3yFRrrrS5Pi7OEweYVwWYs eEjk7LA4xUiAnBzgeSg7EO3XxkDrcEpIvlgj+sa8krvYGifKOBHWuDY4lYCyWOn6 NtjTbI9Ts9afPSgxzhEKnjCo5GduB8cH+q3JoDZ5bmhPkD1xnrQ= =bcf4 -----END PGP SIGNATURE----- --VIOdPewhitSMo36n--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200918112945.GJ26726>