Subject: Re: little hacking project: bulk build checksums
To: Jan Schaumann <email@example.com>
From: Todd Vierling <firstname.lastname@example.org>
Date: 01/22/2005 12:54:43
On Sat, 22 Jan 2005, Jan Schaumann wrote:
> Things to consider here is whether or not packages should be signed by
> the developer building them or by a known common key (security-officer?
> a new 'pkgsrc' key?). This would also entail adding the necessary bits
> to the pkg* tools to verify the signature, which would mean getting PGP
> functionality into the base system.
OpenSSL has a certificate signature system. This, too, has been discussed
off and on.
> Getting PGP support into the base system would be great, but is unlikely
> at the moment, since surely we don't want gnupg (with the worst human
> interface ever + GPL)...
PGP[i]'s license is even "worse," but in different ways. 8-)
-- Todd Vierling <email@example.com> <firstname.lastname@example.org>