tech-pkg archive


Re: officially signed packages

On Mon, Apr 07, 2014 at 11:12:06PM +0200, Fredrik Pettai wrote:
> On Apr 7, 2014, at 22:13 , Marc Espie <> wrote:
> > That's the one reason why we went for pure keys in OpenBSD, without any
> > kind of CA.
> [?]

Just that. We use pure ED25519 keys.  There is no chain of trust.

The keys are published as part of the base release.  Adding any chain
of trust wouldn't make things more secure. How much trust do you put in
your toolchain prior to installing anything trustworthy?
