tech-pkg archive


Re: officially signed packages

On Apr 7, 2014, at 22:51 , Thomas Klausner <> wrote:
> On Mon, Apr 07, 2014 at 05:50:53PM +0200, Alistair Crooks wrote:
>> Personally, I would never trust a CA-signed cert for this use case,
> I'm probably missing something, but what's the problem with including
> one CA root certificate with pkgsrc, created by TNF, and certifying
> bulk builders with it?

I think he rants at the commercial CA industry.

Anyway, read the paper, it seems none of the open source implementations (which
are the most popular ones) they tested managed to handle all the different
certificate parameters correctly for all given situations…


Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
