tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Binary patch generation script (initial version)

On Sat, May 02, 2009 at 02:25:27PM +0200, Tonnerre LOMBARD wrote:
[Alistair wrote]:> 
> > As already indicated, please consider the use of netpgp and the
> > existing web of trust. There's a package in pkgsrc/security/netpgp.
> That would mean changing the current patch format entirely and
> rewriting the other tools; I'd prefer to get them running first
> and to introduce a new patch format with PGP later if required.
> For now, OpenSSL was chosen in order to add as few out-of-base
> dependencies as possible.

Please don't change this to use PGP by default.  If the intent is to
have the NetBSD Foundation produce patches in a centralized way and
distribute them to users, a hierarchical trust model is better -- and
we already have the tools and libraries in the system to support it
the way you wrote your code.

Thor Lancelot Simon                               
    "Even experienced UNIX users occasionally enter rm *.* at the UNIX
     prompt only to realize too late that they have removed the wrong
     segment of the directory structure." - Microsoft WSS whitepaper

Home | Main Index | Thread Index | Old Index