Date: Sun, 31 Dec 2000 12:33:27 -0600
From: "Michael C . Wu" <keichii@iteration.net>
To: Wes Peters <wes@softweyr.com>, bmah@freebsd.org
Cc: Will Andrews <will@physics.purdue.edu>, ports@FreeBSD.ORG, Robert Watson <rwatson@FreeBSD.ORG>, Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>
Subject: Re: Package signing tools
Message-ID: <20001231123327.A27808@peorth.iteration.net>
In-Reply-To: <3A4F72F2.E273B8C9@softweyr.com>; from wes@softweyr.com on Sun, Dec 31, 2000 at 10:54:58AM -0700
References: <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <3A4EDE33.84C7072@softweyr.com> <20001231022101.A24801@peorth.iteration.net> <3A4F72F2.E273B8C9@softweyr.com>

On Sun, Dec 31, 2000 at 10:54:58AM -0700, Wes Peters scribbled:
| Oh, I see. What we really need is a PGP library, which I think GPG was
| supposed to provide someday. Having a non-GPL PGP library would sure be
| nice.

Yes and yes. I also think that we should have a default signing scheme.
Personally, I like X.509. It does not really matter which one, just
pick it yourself to avoid the bikeshed.

| Its major output is a "yes" or "no" answer. Keep in mind this only works
| on the .tgz file, not on the package after installed on the system. It
| would be simple to extend pkg_info or pkg_version to report if a .tgz has a
| signature and if so, if it matches, by the return value from pkg_check. I'm
| not certain the return values are maintained that carefully right now, but
| I'll look through the code and make it return 0 for "has signature, is
| verified", negative for "has signature, not verified" and positive for "no
| signature". Would that suffice?

Yes, and we also need to modify 'pkg_version -c', so that, instead of
compiling the ports, we can have 'pkg_version -c' fetch the packages
instead, along with verifying the signature of the .tgz's.

This way, the user can simply do "sh `pkg_version -c`", get the packages,
update his entire installation, and so forth via one command.

-- 
+------------------------------------------------------------------+
| keichii@peorth.iteration.net         | keichii@bsdconspiracy.net |
| http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. |
+------------------------------------------------------------------+
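
An added example, not part of the original message or of the FreeBSD tools: a fail-closed shell gate for the fetch-and-verify workflow discussed above, built on the proposed three-state result. `fake_verify` is a constructed stand-in for the checker; its one-argument interface and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Fail-closed gate for a
# fetch-then-install workflow built on a three-state signature checker.

# Map a checker exit status to a state. A C program that returns a negative
# value from main() is seen by the shell as 128-255 (status is 8 bits), the
# same range used when a process is killed by a signal; both are rejected.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo verified
    elif [ "$1" -ge 128 ]; then
        echo bad-signature
    else
        echo unsigned
    fi
}

# gate_packages VERIFIER PKG...
# Prints only verified packages on stdout, rejected ones on stderr, and
# returns 0 only if every package verified. Unsigned counts as a failure.
gate_packages() {
    verifier=$1
    shift
    rejected=0
    for pkg in "$@"; do
        status=0
        "$verifier" "$pkg" >/dev/null 2>&1 || status=$?
        state=$(classify_status "$status")
        if [ "$state" = verified ]; then
            echo "$pkg"
        else
            echo "rejected ($state): $pkg" >&2
            rejected=1
        fi
    done
    return "$rejected"
}

# Constructed stand-in for the real checker (hypothetical interface: one
# .tgz path as its argument), keyed on file name so the example runs offline.
fake_verify() {
    case $1 in
        *-good.tgz) return 0 ;;        # has signature, is verified
        *-tampered.tgz) return 255 ;;  # has signature, not verified (-1)
        *) return 1 ;;                 # no signature
    esac
}

# Constructed sample input.
gate_packages fake_verify foo-good.tgz bar-tampered.tgz baz.tgz || echo "some packages were rejected" >&2
```

Only the names printed on stdout should be handed to the install step; a non-zero return means at least one package was unsigned or failed verification.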