tech-userlevel archive


Re: CVS commit: src/usr.bin/nbsvtool

On Tue, Jul 15, 2008 at 12:56:46AM +0200, Hubert Feyrer wrote:
> On Mon, 14 Jul 2008, Dieter Baron wrote:
>> attached is an updated version of the man page, please review.

  I've committed an improved version, feel free to improve upon it.

From the commit message:
: Also, this man page assumes familiarity with the concepts used.
: While fully describing these concepts is outside the scope of this
: man page, a pointer to such a description should be included.  
: Someone who knows of such a description, please provide pointers.

: Finally, we should have a companion tool to create the pieces needed
: to use this tool: set up a CA, create a certificate chain and a
: private key/certificate pair for signing.

> Details! What kind of files, where do they come from, how does one create 
> them?
> The writer of that manpage seems to assume a lot of knowledge that I doubt 
> is available...

  Like I said, I think that is outside the scope of this man page;
rather, it should point to a good introduction to the concepts.
Sadly, I don't have one.

> This also goes for all other files - at least giving a hint via a filename 
> suffix may help a bit.

  Agreed.  Joerg, could you please add the usual suffixes to the names
used in arguments, options, and examples?

> The EXAMPLES section sounds useful from the remote, but it needs more steps 
> to get to a point where it can be used. Setup of the CA and whatever else 
> needs to be done should be documented - not in this manpage, I guess, as 
> other parts (postfix? ldap? httpd? ...?) may need the same knowledge. Put 
> this into a common manpage, and reference it!

  I think we should have a similar tool for this, see above.

> Details:
>>      Verify that the signature hello.sp7 is valid for file hello
>>       and that the certificate used allows code signing.
>>            nbsvtool verify-code hello hello.sp7
>>      Same as above, but for file file.
>>            nbsvtool -u code verify file file.sp7
> I don't get the difference here. Is it only the filename? Why use 
> "verify-code" in one place, and "-u code verify" in the other place? And 
> what is "code" anyways, in the latter example?

  There is little difference, so I removed one of them.

>>      openssl_smime(1)
> That file seems to describe something similar as the manpage at hand, yet 
> it also lacks the steps to setup the whole process (it seems to me).

  nbsvtool provides more convenient access to a subset of the
functionality provided by openssl_smime.

> Way to go until this is foolproof... :-(

  This is not an end user tool, so it doesn't have to be foolproof.
I expect the application using this tool (e.g. pkg_install) to provide
additional information about the policies in use.
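
An added example, not part of the original message and not nbsvtool's own code: the setup steps the thread asks about (a CA, a signing key/certificate pair, a detached signature, and a verify step that also requires the code-signing usage), done with openssl(1). All file names, subject names and the function names are assumptions; the final check approximates what the quoted `verify-code` example describes.

```shell
# Added example: throwaway test PKI plus detached PKCS#7 sign/verify via openssl(1).
# Every name below is constructed for illustration.
make_pki() {    # $1 = work directory
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[signer]
keyUsage = critical,digitalSignature
extendedKeyUsage = codeSigning
EOF
    # Self-signed root CA, then a signer key + CSR, then the CA issues the cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=Example Code Signer" \
        -keyout "$d/signer.key" -out "$d/signer.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$d/signer.csr" -CA "$d/ca.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -extfile "$d/ca.cnf" \
        -extensions signer -out "$d/signer.pem" 2>/dev/null
}

sign_file() {   # $1 = work directory, $2 = file, $3 = signature to write
    openssl smime -sign -binary -in "$2" -signer "$1/signer.pem" \
        -inkey "$1/signer.key" -outform PEM -out "$3" 2>/dev/null
}

verify_code() { # $1 = work directory, $2 = file, $3 = detached signature
    # -purpose any: the default S/MIME purpose rejects a codeSigning-only cert.
    openssl smime -verify -binary -inform PEM -in "$3" -content "$2" \
        -CAfile "$1/ca.pem" -purpose any -signer "$1/used.pem" \
        -out /dev/null 2>/dev/null || return 1
    # Require the code-signing usage on the certificate that actually signed.
    openssl x509 -in "$1/used.pem" -noout -text | grep -q 'Code Signing'
}
```

Call `make_pki` on an empty directory, then `sign_file` and `verify_code` with the same directory; `verify_code` returns non-zero if the file changed after signing or the signer certificate lacks the code-signing usage.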

