Re: Reasons for having SHA512?
On 13.06.2011 23:35, Aleksey Cheusov wrote:
> If we sign pkg_summary(5) containing sha512 and rmd160 cksums (just like
> we do for distfiles) for all packages, is it really necessary to sign
> every package individually? I think no. It seems to me that we can just
> remove some unnecessary code from pkg_admin(8) and keep pkg_summary(5)
> and binary packages on ftp:// always in sync.
From a management perspective, single pkg signatures are a necessity in
different setups, most notably:
1 - building standalone/offline pkgs: requires downloading a third-party
file, to which we apply a signature check, then check the pkg checksum. Some
Linux distros do that, and it's a PITA when you want to sign your own
pkg without having to deploy a half-arsed repository behind. It's
especially tiresome when the sig is not "attached" to the pkg (think
about pkg fetched inside distfiles/ -- without the pkg_summary file
around, they are almost useless as you won't be able to check the sig at
2 - someone sets up a system where packages have signatures coming from
different people (let's say: foo is in charge of building binary pkg A
and bar is in charge of pkg B): how/what would you do to check sigs
here? Forcing foo/bar to deploy their own repo?
IMHO, pkg should be uniquely signed at build/package time (depending on
configuration). Although pkg_summary signing looks lighter, it raises
some questions. Using hashes in a third party file for some sort of
"transitivity" signing scheme looks like a route full of traps.
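The two schemes contrasted in the message above, as an added example that is not part of the original post and not pkgsrc's or pkg_admin(8)'s own code: per-package attached signatures checked against a ring of builder keys (foo and bar each signing their own packages), versus one signed pkg_summary-style manifest whose SHA512 entries are compared against the package (the "transitive" route). The key names foo, bar and repo, the package contents and the minimal PKGNAME/SHA512 summary format are constructed for illustration; rmd160 is left out because it is not in Go's standard library, and ed25519 stands in for whatever signature algorithm the real tools use. The scenarios cover the cases raised above: a package fetched on its own with no summary around, a package rebuilt while the summary stays stale, and packages signed by different people.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Signer models one package builder ("foo", "bar") or the repository key
// that signs pkg_summary. Hypothetical; not how pkgsrc handles keys.
type Signer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner(name string) *Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Signer{Name: name, Pub: pub, priv: priv}
}

// SignedPkg is a binary package with its signature attached to it.
type SignedPkg struct {
	Name, KeyID string
	Data, Sig   []byte
}

// SignPkg is scheme 1: every package is signed individually at build time.
func (s *Signer) SignPkg(name string, data []byte) SignedPkg {
	return SignedPkg{Name: name, KeyID: s.Name, Data: data, Sig: ed25519.Sign(s.priv, data)}
}

// VerifyPkg needs only the package and a ring of trusted builder keys,
// so it works offline and with several builders at once.
func VerifyPkg(p SignedPkg, trusted map[string]ed25519.PublicKey) error {
	pub, ok := trusted[p.KeyID]
	if !ok {
		return fmt.Errorf("%s: signed by unknown key %q", p.Name, p.KeyID)
	}
	if !ed25519.Verify(pub, p.Data, p.Sig) {
		return fmt.Errorf("%s: bad signature", p.Name)
	}
	return nil
}

// SignedSummary is scheme 2: one signed pkg_summary-like text listing a
// SHA512 per package (constructed format, rmd160 omitted).
type SignedSummary struct {
	Text, KeyID string
	Sig         []byte
}

func pkgDigest(data []byte) string {
	sum := sha512.Sum512(data)
	return hex.EncodeToString(sum[:])
}

// SignSummary builds the summary for a set of packages and signs the text.
func (s *Signer) SignSummary(pkgs map[string][]byte) SignedSummary {
	names := make([]string, 0, len(pkgs))
	for n := range pkgs {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic order, reproducible signature
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "PKGNAME=%s\nSHA512=%s\n\n", n, pkgDigest(pkgs[n]))
	}
	return SignedSummary{Text: b.String(), KeyID: s.Name, Sig: ed25519.Sign(s.priv, []byte(b.String()))}
}

// VerifyViaSummary is the transitive check: trust the summary's signature,
// then trust the package only if its SHA512 matches the listed one.
func VerifyViaSummary(name string, data []byte, sum *SignedSummary, trusted map[string]ed25519.PublicKey) error {
	if sum == nil { // package fetched on its own, no pkg_summary around
		return fmt.Errorf("%s: no pkg_summary available, cannot verify", name)
	}
	pub, ok := trusted[sum.KeyID]
	if !ok || !ed25519.Verify(pub, []byte(sum.Text), sum.Sig) {
		return fmt.Errorf("%s: pkg_summary signature not trusted", name)
	}
	var cur, want string
	for _, line := range strings.Split(sum.Text, "\n") {
		if strings.HasPrefix(line, "PKGNAME=") {
			cur = strings.TrimPrefix(line, "PKGNAME=")
		} else if strings.HasPrefix(line, "SHA512=") && cur == name {
			want = strings.TrimPrefix(line, "SHA512=")
		}
	}
	if want == "" {
		return fmt.Errorf("%s: not listed in pkg_summary", name)
	}
	if want != pkgDigest(data) {
		return fmt.Errorf("%s: SHA512 differs from pkg_summary (out of sync?)", name)
	}
	return nil
}

// Demo runs the scenarios from the message and reports which ones verify.
func Demo() map[string]bool {
	foo, bar, repo := NewSigner("foo"), NewSigner("bar"), NewSigner("repo")
	ring := map[string]ed25519.PublicKey{"foo": foo.Pub, "bar": bar.Pub, "repo": repo.Pub}
	pkgA := []byte("constructed contents of binary package A-1.0") // sample data
	pkgB := []byte("constructed contents of binary package B-2.3")
	pkgA2 := []byte("constructed contents of rebuilt package A-1.0")
	res := map[string]bool{}
	// Scheme 1: foo builds A, bar builds B, each carries its own signature.
	res["per-pkg A by foo"] = VerifyPkg(foo.SignPkg("A-1.0", pkgA), ring) == nil
	res["per-pkg B by bar"] = VerifyPkg(bar.SignPkg("B-2.3", pkgB), ring) == nil
	res["per-pkg A, foo not trusted"] = VerifyPkg(foo.SignPkg("A-1.0", pkgA), map[string]ed25519.PublicKey{"bar": bar.Pub}) == nil
	res["per-pkg A rebuilt, re-signed"] = VerifyPkg(foo.SignPkg("A-1.0", pkgA2), ring) == nil
	// Scheme 2: one summary signed by the repository key covers both.
	sum := repo.SignSummary(map[string][]byte{"A-1.0": pkgA, "B-2.3": pkgB})
	res["summary A in sync"] = VerifyViaSummary("A-1.0", pkgA, &sum, ring) == nil
	res["summary A, standalone pkg"] = VerifyViaSummary("A-1.0", pkgA, nil, ring) == nil
	res["summary A rebuilt, summary stale"] = VerifyViaSummary("A-1.0", pkgA2, &sum, ring) == nil
	return res
}

func main() {
	for k, v := range Demo() {
		fmt.Printf("%-34s %v\n", k, v)
	}
}
```

The per-package path passes in every scenario as long as the builder's key is in the ring, including after a rebuild, because the signature travels with the package. The summary path passes only while the package on disk and the summary text agree: drop the summary and nothing is checkable, rebuild the package without regenerating the summary and the check fails. That is the "always in sync" requirement from the quoted proposal made concrete.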