Date: Mon, 28 Mar 2011 23:31:03 -0400 (EDT)
From: Benjamin Kaduk
To: Julien Laffaye
Cc: ports@freebsd.org, Baptiste Daroussin, hackers@freebsd.org
Subject: Re: [ECFT] pkgng 0.1-alpha1: a replacement for pkg_install
List-Id: Porting software to FreeBSD

On Mon, 28 Mar 2011, Julien Laffaye wrote:

> On Mon, Mar 28, 2011 at 6:59 PM, Garrett Cooper wrote:
>> On Mon, Mar 28, 2011 at 10:44 AM, Andriy Gapon wrote:
>>>
>>> II. Package signing.
>>
>> That would be really nice.
>
> Right now we only planned to sign the repo database, so we can trust
> the sha256 of the packages stored in the database. Then if the package
> has the same sha256 as the one in the repo database it is considered
> trusted.
> If we want a per-package signing, we would have a tarball in a tarball.

I really expected this to have been mentioned already, but this approach
(tarball in a tarball) is taken by Debian packages, and I don't remember
hearing of any issues related to it. I don't think it's worth discounting
from the start without giving some consideration, but I will defer to the
people actually doing the work.

-Ben Kaduk
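The scheme described in the quoted text (sign only the repository database, then trust a package because its sha256 matches the signed entry), as an added sketch that is not part of the original message and is not pkgng code. The file names, the one-line-per-package catalog format and the throwaway RSA key are constructed for the demo; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo of "signed catalog -> trusted digest -> trusted package".
# Nothing here is pkgng's real file layout or database format.
set -eu
work=$(mktemp -d)
cd "$work"

# SHA-256 of a file as bare hex (portable across Linux and FreeBSD).
digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# --- Repository side -------------------------------------------------
# Throwaway signing key; a real repository keeps the private key offline.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out repo.key 2>/dev/null
openssl pkey -in repo.key -pubout -out repo.pub

printf 'constructed package payload' > foo-1.0.txz
# Catalog line: "<package file> <sha256>"
printf 'foo-1.0.txz %s\n' "$(digest foo-1.0.txz)" > catalog
# Only the catalog is signed, never the individual packages.
openssl dgst -sha256 -sign repo.key -out catalog.sig catalog

# --- Client side -----------------------------------------------------
# Prints one of: trusted, untrusted-catalog, unknown-package,
# digest-mismatch. Needs repo.pub, catalog and catalog.sig in $PWD.
verify_pkg() {
    # Step 1: the catalog must verify against the pinned public key.
    # Without this, the digests in it prove nothing.
    openssl dgst -sha256 -verify repo.pub -signature catalog.sig \
        catalog >/dev/null 2>&1 || { echo untrusted-catalog; return 0; }
    # Step 2: the package must be listed in the verified catalog.
    want=$(awk -v name="$1" '$1 == name { print $2 }' catalog)
    [ -n "$want" ] || { echo unknown-package; return 0; }
    # Step 3: the file on disk must hash to the signed value.
    if [ "$(digest "$1")" = "$want" ]; then
        echo trusted
    else
        echo digest-mismatch
    fi
}

verify_pkg foo-1.0.txz
```

A package file copied out of the repository cannot be checked on its own under this design, since the signature lives only on the catalog; that is the gap per-package signing would close.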