From owner-freebsd-stable Fri Mar 20 18:35:11 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA29320 for freebsd-stable-outgoing; Fri, 20 Mar 1998 18:35:11 -0800 (PST) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA29289 for ; Fri, 20 Mar 1998 18:35:06 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id VAA21647; Fri, 20 Mar 1998 21:33:36 -0500 (EST) Date: Fri, 20 Mar 1998 21:33:35 -0500 (EST) From: Robert Watson Reply-To: Robert Watson To: Derek Flowers cc: Wes Peters - Softweyr LLC , "Daniel O'Callaghan" , stable@FreeBSD.ORG Subject: Re: after the release ... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk On Fri, 20 Mar 1998, Derek Flowers wrote: > Why not model it after RPM? If the size and md5 do not match, return an > error. Allow the user to overide the check if they wish to do so. > > Just to get a feel for pkg_add, what are the stpes taken to add the > software? I'm thinking the check could be done in the install script, > assuming it executes a script like make would. Errr. How do you know that the md5 is right? Digital signatures have to come into this somewhere :). Or secure trusted transmission (i.e., the HTTPS idea). Robert N Watson Carnegie Mellon University http://www.cmu.edu/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message