From owner-freebsd-ports@FreeBSD.ORG Thu Jan 24 11:19:44 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 893BEE9D for ; Thu, 24 Jan 2013 11:19:44 +0000 (UTC) (envelope-from freebsd@grem.de) Received: from mail.grem.de (outcast.grem.de [213.239.217.27]) by mx1.freebsd.org (Postfix) with SMTP id F0B68F80 for ; Thu, 24 Jan 2013 11:19:43 +0000 (UTC) Received: (qmail 17222 invoked by uid 89); 24 Jan 2013 11:19:41 -0000 Received: from unknown (HELO bsd64.grem.de) (mg@grem.de@80.137.80.252) by mail.grem.de with ESMTPA; 24 Jan 2013 11:19:41 -0000 Date: Thu, 24 Jan 2013 12:19:42 +0100 From: Michael Gmelin To: freebsd-ports@freebsd.org Subject: Re: Using bidirectional authentication in pkgng Message-ID: <20130124121942.07436be3@bsd64.grem.de> In-Reply-To: <86d2wuvrjg.fsf@ds4.des.no> References: <20130118035721.283135fb@bsd64.grem.de> <50F9B6CC.3040303@infracaninophile.co.uk> <20130122193035.4c51be04@bsd64.grem.de> <20130123004147.GG27275@ithaqua.etoilebsd.net> <86d2wuvrjg.fsf@ds4.des.no> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.6; amd64-portbld-freebsd9.0) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: des@des.no X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jan 2013 11:19:44 -0000 On Thu, 24 Jan 2013 10:50:11 +0100 Dag-Erling Sm=C3=B8rgrav wrote: > Baptiste Daroussin writes: > > Michael Gmelin writes: > > > I implemented the necessary bits over the weekend and filed a PR > > > containing the patch (SSL peer verification, hostname checking, > > > client certificates etc.). > > >=20 > > > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D175514 > > >=20 > > > Assuming the code quality is sufficient, it would be great if it > > > made it to base (not sure if des@freebsd.org is still taking care > > > of libfetch).=20 > > Yes he is, that is why I have CCed him >=20 > Thank you. >=20 > The patch looks interesting, modulo a metric buttload of style > issues :) Would be great if you could point out the exact issues, so I could avoid them next time (I spent literally hours trying to clean up the code so it complies to style(9), even though it doesn't seem like fetch really follows it either). Other people's coding standards are always arbitrary and, um, wrong anyway, you know ;) > I'll take a closer look in a few days, feel free to remind > me. Will do. >=20 > > > That said, if there's interest I could volunteer to implement DANE > > > later this year - assuming there is someone who can audit the > > > results. >=20 > If you're interested in working on fetch, I'm looking for someone > who's willing to help reimplement it from scratch. I can only work on open source projects in my spare time - this was slightly different since we might profit from being able to use pkg in a compliant way. A complete re-implementation sounds more like a summer of code project to me. Assuming I'm able to get DANE in there, maybe somebody else could pick up all the bits and pieces and repackage them. Well, let's see, never say never :) >=20 > DES Cheers, --=20 Michael Gmelin