Subject: Re: adding gpg to src/gnu/dist
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Love Hörnquist Åstrand <lha@it.su.se>
List: tech-security
Date: 05/17/2004 21:51:13

Love <lha@stacken.kth.se> writes:

> der Mouse <mouse@Rodents.Montreal.QC.CA> writes:
>
>> (S/MIME, maybe?)  The nbsvtool (or whatever) signatures can be checked
>> by the NetBSD tools
>
> nbsvtool generates CMS signatures, and S/MIME is a CMS signature. All nbsvtool
> gives you is a simple interface that pkg tools can use.

Less coffee, then I might understand your mail the first time I read it..

I totally agree with you, as you might already have figured out, but it
is unclear what value PGP signatures give unless some policy is also
defined with them.

The policy for x509 + pkg is pretty simple: trust the NetBSD CA to only issue
certificates with the code-signing OID to releng. Policy for the CA is a different
issue, but policy texts like that have been written before.

Love

