Cryptographically enabled ports tree.
William Fletcher
ultraviolet at epweb.co.za
Mon Jun 23 00:32:03 PDT 2003
Oh, and, the cvsup -a option, how trust-worthy is that?
On Mon, Jun 23, 2003 at 09:24:18AM +0200, William Fletcher wrote:
> Hi, again.
>
> No use signing if cvsup is a mess.
> We need cvsup-ssl, Then, all the big security guys need to do
> is provide a public key for the cvsup-mirrors, which then get
> the public key for the big cvsup server, etc.
>
> That way, cvsup is secure, and we can trust it.
>
> Then, we just get all the ports maintainers to provide public keys
> and then we can download the distfiles from ftp\http and know
> they're trusted.
>
> On the other hand, this means that we don't really need signed
> distfiles, the md5 checksum should do just fine, because we know
> that we're getting our ports tree from a trusted source.
>
> Thats just how I see it. Please, Please stop me if I'm wrong.
>
> Please correct me if I misunderstood all the e-mails in this thread too.
>
> --
> William Fletcher (ultraviolet) Powered by http://www.FreeBSD.org/
> IT Administrator, EPWeb networks. irc at irc.epweb.co.za
> http://www.epweb.co.za/ http://vision.za.net/irc/
> Tel: +27 (041) 395 6800
> Fax: +27 (041) 395 6818
> Support: support at epweb.co.za
>
> For countless days, We walked alone, Directionless and vunerable, Sitting targets wearing smiles.
>
--
William Fletcher (ultraviolet) Powered by http://www.FreeBSD.org/
IT Administrator, EPWeb networks. irc at irc.epweb.co.za
http://www.epweb.co.za/ http://vision.za.net/irc/
Tel: +27 (041) 395 6800 Worship me! :)
Fax: +27 (041) 395 6818
Support: support at epweb.co.za
Super Admin... Da-ta-da!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-chat/attachments/20030623/56b4f0ee/attachment.bin
More information about the freebsd-chat
mailing list