Subject: Re: BPG call for use cases
To: Hubert Feyrer <email@example.com>
From: Curt Sampson <firstname.lastname@example.org>
Date: 07/22/2005 18:16:50
On Thu, 21 Jul 2005, Hubert Feyrer wrote:
> 2) signed binary pkgs. See pkg_add -s. I think there's room for changing the
> interface in pkg_add etc. as it's not actively used right now (as far as I
> know). Communication should happen on tech-pkg@NetBSD.org WRT that.
For pkg_add, how does this sound?
1. We include the signature in the package itself. This might be a
list of all of the files in the archive (excepting the signature
file itself), their sizes and hashes (multiple ones), the signature
itself, and the public key used to sign the package, all as an
2. When pkg_add detects a signature, it verifies the signature and
the hashes of all of the files. It then does something undefined
(probably involving invoking bpg routines) to decide if the
signature is trusted, and if not, it issues appropriate warnings and
asks if it should continue, or abandons the install, or whatever.
3. Something is added either to BPG (a generic tar file signer?) or
to the package creation tools to create this signature. (See also
the "generic archive signer" use case.
This avoids dealing with the -s option at all.
Curt Sampson <email@example.com> +81 90 7737 2974 http://www.NetBSD.org
Make up enjoying your city life...produced by BIC CAMERA