Date: Sun, 31 Dec 2000 10:48:33 -0700 From: Wes Peters <wes@softweyr.com> To: Warner Losh <imp@village.org> Cc: ports@FreeBSD.ORG Subject: Re: Package signing tools Message-ID: <3A4F7171.4D5786AB@softweyr.com> References: <3A4EDE33.84C7072@softweyr.com> <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <20001231014344.T305@argon.firepipe.net> <200012310741.eBV7f4s09193@billy-club.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote: > > In message <3A4EDE33.84C7072@softweyr.com> Wes Peters writes: > : This has been in the queue for 8 months. The original OpenBSD code has > : existed for several years. You can have it if you want it, but I'm not > : going to have it bikeshedded to death, or into pkg_info or pkg_version or > : pkg_anythingelse. The functions are not related: this program signs a > : a package and checks the signature on a package is valid; pkg_info and > : pkg_version do other things. > : > : Try to stay on track here, people. This is not an attempt to write a new > : package delivery mechanism, it's just a simple tool to verify you got what > : you asked for. > > I agree 100%. I've taken a look at the code that wes has done and it > looks good (modulo the crypto stuff). > > However, you could easily add an option to pkg_add that will call > this program... Mmmm, yes, pkg_add --verify or something like that? I'd have it actually run the pkg_check executable so we don't mix the crypto code into the pkg_add executable, for those who build FreeBSD without the crypto support. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A4F7171.4D5786AB>