Date: Sat, 21 Mar 1998 03:51:20 +0100 From: Eivind Eklund <eivind@yes.no> To: Robert Watson <robert+freebsd@cyrus.watson.org>, Derek Flowers <djflow@portwwwbus.tc.cc.va.us> Cc: Wes Peters - Softweyr LLC <softweyr@xmission.com>, "Daniel O'Callaghan" <danny@panda.hilink.com.au>, stable@FreeBSD.ORG Subject: Re: after the release ... Message-ID: <19980321035120.19492@follo.net> In-Reply-To: <Pine.BSF.3.96.980320213203.22356C-100000@cyrus.watson.org>; from Robert Watson on Fri, Mar 20, 1998 at 09:33:35PM -0500 References: <Pine.BSF.3.96.980320211843.5518B-100000@portwwwbus.tc.cc.va.us> <Pine.BSF.3.96.980320213203.22356C-100000@cyrus.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 20, 1998 at 09:33:35PM -0500, Robert Watson wrote: > On Fri, 20 Mar 1998, Derek Flowers wrote: > > > Why not model it after RPM? If the size and md5 do not match, return an > > error. Allow the user to overide the check if they wish to do so. > > > > Just to get a feel for pkg_add, what are the stpes taken to add the > > software? I'm thinking the check could be done in the install script, > > assuming it executes a script like make would. > > Errr. How do you know that the md5 is right? Digital signatures have to > come into this somewhere :). Or secure trusted transmission (i.e., the > HTTPS idea). I'm right now looking at adding support for the JAR manifest standard to pkg_add. The only loss I can see is that until somebody re-write the signing software you'll have to have Java installed to sign packages. I hope the amount of work to make this work should be feasible to have it ready over the next few days - it looks fairly simple. More info is at http://www.javasoft.com/products/jdk/1.2/docs/guide/jar/manifest.html Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980321035120.19492>