NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkgsrc binary packages security with pkgin



On 2020-01-31 12:39, Johnny Billquist wrote:
On 2020-01-31 12:37, Manuel Bouyer wrote:
On Fri, Jan 31, 2020 at 12:32:06PM +0100, Johnny Billquist wrote:
Of course you can. But then you need to have a whole list of trusted public keys that needs to be managed, which again leads to the question of which
keys are now the acceptable ones. And how to you trust new builders? Can
anyone then be added to the list of official builders of packages, or how to
you manage that side?
Key management is not trivial.

Of course it's not. But this is not really a technical issue.

Security is never a technical issue, more than at the surface...

(Which is why I objected to the implication that https is important, and somehow adds some security here in the first place.)

  Johnny

--
Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt%softjar.se@localhost             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol


Home | Main Index | Thread Index | Old Index