NetBSD-Users archive


Re: pkgsrc binary packages security with pkgin



For a quick summary from all your answers since martin's, if I may.
His answer is still perfectly valid to me.

Assuming you trust everything before, because not assuming that is confusing and counterproductive in this particular discussion,
I wanted to focus on, while there is probably work there too (there always is):
- upstream software in pkgsrc. pkgsrc-vulnerabilities is a partial answer, right?
- packagers
- builders
So, assuming that above:
- https more trivial to use
- https only protects the link between you and binary packages server
- sigs protect from the builder to you; this adds a lot

Also, while it is relevant to compare https and signatures, security is about resilience.
There must be a valid trust chain to which to add strata, if possible.

Obviously, deciding to sign packages involves asking questions about key management.
Be that as it may, the decision to believe is already made, the objective is to formalize it.

Yours sincerely
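The two links compared in the mail above (HTTPS covering only mirror-to-you, a builder signature covering builder-to-you) can be made concrete with a small model. This is an added example, not code from the thread, from pkgsrc or from pkg_install. It stands in a Lamport one-time signature built from SHA-256 (pure standard library, so it runs offline) for the gpg/netpgp signatures real package signing uses, models the TLS session as an integrity tag under a per-session key, and uses a constructed package name and payload. The three scenarios, honest mirror, package altered at rest on the mirror, and package altered on the path between mirror and client, show which check catches what.

```python
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Stand-in signature scheme: Lamport one-time signatures over SHA-256.
# Chosen only because it needs no third-party library; one key pair must
# sign exactly ONE message.  (Assumption for this example, not pkg_install.)

def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_sign(sk, msg: bytes):
    d = sha256(msg)
    return [sk[i][_bit(d, i)] for i in range(256)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = sha256(msg)
    return len(sig) == 256 and all(
        sha256(sig[i]) == pk[i][_bit(d, i)] for i in range(256))


# The parties named in the mail: builder, package server (mirror), you.

class Builder:
    def __init__(self):
        self.sk, self.pk = lamport_keygen()

    def build(self, name: bytes, payload: bytes):
        pkg = b"PKG " + name + b"\n" + payload
        return pkg, lamport_sign(self.sk, pkg)      # detached signature


class Mirror:
    def __init__(self):
        self.store = {}

    def publish(self, name, pkg, sig):
        self.store[name] = (pkg, sig)

    def serve(self, name, session_key: bytes):
        # HTTPS modelled as: the bytes as the mirror sends them, plus an
        # integrity tag under the TLS session key.  The mirror is the TLS
        # peer, so whatever it holds at rest is what gets authenticated.
        pkg, sig = self.store[name]
        return pkg, sig, hmac.new(session_key, pkg, hashlib.sha256).digest()


def client_checks(pkg, sig, tag, session_key, builder_pk):
    transport_ok = hmac.compare_digest(
        tag, hmac.new(session_key, pkg, hashlib.sha256).digest())
    builder_sig_ok = lamport_verify(builder_pk, pkg, sig)
    return {"https": transport_ok, "signature": builder_sig_ok}


def run_scenarios():
    results = {}
    name = b"example-1.0"                      # constructed sample package
    builder, mirror = Builder(), Mirror()
    pkg, sig = builder.build(name, b"honest payload")
    mirror.publish(name, pkg, sig)
    key = secrets.token_bytes(32)              # per-download TLS session key

    # 1. honest mirror, untouched path
    results["honest"] = client_checks(*mirror.serve(name, key), key, builder.pk)

    # 2. mirror compromised: package altered at rest, before HTTPS is involved
    mirror.store[name] = (pkg.replace(b"honest", b"backdoored"), sig)
    results["mirror_tampered"] = client_checks(*mirror.serve(name, key), key, builder.pk)

    # 3. on-path tampering between mirror and client
    mirror.publish(name, pkg, sig)
    pkg_sent, sig_sent, tag = mirror.serve(name, key)
    pkg_recv = pkg_sent.replace(b"honest", b"backdoored")
    results["in_transit_tampered"] = client_checks(pkg_recv, sig_sent, tag, key, builder.pk)
    return results


if __name__ == "__main__":
    for scenario, r in run_scenarios().items():
        print(f"{scenario:20s} https={r['https']!s:5s} builder signature={r['signature']}")
```

Scenario 2 is the one the mail's "https only protects the link" bullet is about: the transport check passes because the mirror genuinely sent those bytes, and only the builder's signature fails. Scenario 3 fails both checks, which is why the signature adds a stratum rather than replacing HTTPS.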

