Date: Mon, 1 Jan 2001 14:38:03 -0200 From: "Mario Sergio Fujikawa Ferreira" <lioux@uol.com.br> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: Wes Peters <wes@softweyr.com>, "Michael C . Wu" <keichii@peorth.iteration.net>, ports@FreeBSD.ORG, Robert Watson <rwatson@FreeBSD.ORG>, Warner Losh <imp@village.org> Subject: Re: Package signing tools Message-ID: <20010101143803.A3416@Fedaykin.here> In-Reply-To: <20010101083459.B12422@citusc.usc.edu>; from kris@FreeBSD.ORG on Mon, Jan 01, 2001 at 08:34:37AM -0800 References: <3A4ED1C0.14061CE5@softweyr.com> <20001231003920.A24519@peorth.iteration.net> <3A4EDCA9.5CEA7114@softweyr.com> <20010101083459.B12422@citusc.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 01, 2001 at 08:34:37AM -0800, Kris Kennaway wrote: > On Sun, Dec 31, 2000 at 12:13:45AM -0700, Wes Peters wrote: > > > Yeah, it's a good idea, but this is really a simple standalone program. > > It doesn't prevent you from pkg_add'ing something, you have to chose to > > pkg_check it and see if the result is kosher. It is at this time orthogonal > > to pkg_version. > > Checking the signature should be automatic and part of pkg_add, which > should refuse to add the package if it fails. And, "smart users" should be allowed to bypass this if they wish so. ;) Just like checksum. But, with scarier warnings. -- Mario S F Ferreira - UnB - Brazil - "I guess this is a signature." lioux at ( freebsd dot org | linf dot unb dot br ) flames to beloved devnull@someotherworldbeloworabove.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010101143803.A3416>