Subject: Re: pkg_delete "Executing" output
To: Todd Vierling <tv@duh.org>
From: Alistair Crooks <agc@pkgsrc.org>
List: tech-pkg
Date: 02/10/2005 18:23:19
On Thu, Feb 10, 2005 at 12:52:35PM -0500, Todd Vierling wrote:
> > But let's see what else is displayed at package build time
> 
> I didn't mention package build time.  I'm only talking about pkg_* tool
> usage for binary packages, which has a slightly different target audience
> (in the case of pkg_add, at least).

Oh, you hadn't made it clear that you were talking about binary
package addition. Presumably package deletion is covered as well.

> > There have been no calls to remove the "mismatched OS version" warnings
> > in the addition or deletion, or to make them only visible with a verbose
> > switch.
> 
> Right.  Such mismatches can be a very real problem, particularly if someone
> mistakenly installs, for example, a NetBSD-current built package on 2.0.

So now OS mismatch is a valuable message, and yet commands which are
run as root on your behalf are not?

> > And yet you wish all calls to commands (which are executed as root
> > normally) to be covered up.  Is this not really an innate
> > conservatism, a resistance to change?  Or is it really because
> > valuable information is being obscured?
> 
> It's really because valuable information -- like the OS mismatch warning and
> messages dynamically appearing as part of pkginstall's duties -- is being
> obscured.

So the display of commands run as root is now making it so that you
can't view anything else?  I do find that hard to believe.
> > > > After all, they're "normal" package operations, since they appear
> > > > in just about every package, right?
> >
> > Putting sweeping statements aside:
> 
> > that's about 10% of the packages in pkgsrc (my current bulk build has
> > 5349 packages in total).
> 
> 10% hit ratio is far more than enough to make a typical user classify these
> messages as "normal" operations, fit to be ignored wholesale.  The fact that
> larger packages, such as perl, use them more serves well to reinforce this
> notion.

10% is not "just about every package", or they're teaching statistics in
a different way since I was at university.
> > > > Security considerations of @[un]exec should be approached by a more
> > > > security-centered approach, such as digital signatures.
> >
> > Every time I have talked about digital signatures to people, they have
> > said what a good idea it would be if pkgsrc could support them, or
> > requests to show them documentation.  Now I admit that I chose the
> > wrong time to add them (September 2001), but it's done, they're there,
> > and they could easily be used.  It's just that no-one uses them.  I
> > have absolutely no idea why.
> 
> That's because no one has any clue how to use them, and for the most part,
> few folks even know that such support exists at all.  The word "signature"
> appears nowhere in the pkgsrc Guide.  I can't seem to find any docs on it
> elsewhere, either; the most specific reference I can easily find is in a
> USENIX 2004 PDF of a slideshow.
> 
> If there's already support, it should be documented in the Guide, including
> whether they're detached signatures (and thus what filename the signature
> should have), how to generate them, and how to know that the signature is
> being verified.

We're getting off on a tangent here, but they are documented - see
pkg_add(1), various discussions on this mailing list, and in other
places too.  The PDF of the magicpoint of my talk at Usenix last year
contains screenshots of a digitally-signed pkg_add, as does the pkgsrc
talk I gave at EuroBSDcon 2004 in Karlsruhe.

I agree that the pkgsrc guide should have information on digital
signatures in it, although it tends to avoid mentioning binary package
addition, IIRC.

Just so that there can be more hits for pkgsrc and digital signatures:

[18:20:45] agc@sys3 ~ 128 > gpg -b zsh-4.2.1.tgz

You need a passphrase to unlock the secret key for
user: "Alistair Crooks <agc@pkgsrc.org>"
2048-bit RSA key, ID C0596823, created 2004-01-12

[18:20:57] agc@sys3 ~ 129 > pkg_add -s gpg zsh-4.2.1.tgz
pkg_add: Using signature file: /home/agc/./zsh-4.2.1.tgz.sig
gpg: Signature made Thu Feb 10 18:20:57 2005 GMT using RSA key ID C0596823
gpg: Good signature from "Alistair Crooks <agc@pkgsrc.org>"
gpg:                 aka "Alistair Crooks <alistair@hockley-crooks.com>"
gpg:                 aka "Alistair Crooks <agc@netbsd.org>"
gpg:                 aka "Alistair Crooks <agc@alistaircrooks.com>"
Proceed with addition of /home/agc/./zsh-4.2.1.tgz: [y/n]? n
Package `/home/agc/./zsh-4.2.1.tgz' will not be added
pkg_add: Package /home/agc/./zsh-4.2.1.tgz will not be extracted
pkg_add: 1 package addition failed
[18:21:18] agc@sys3 ~ 130 >

should hopefully get caught by some of the crawlers out there.

Regards,
Alistair
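The transcript above shows the two halves of the detached-signature flow that the thread argues should stand in for eyeballing @exec/@unexec output: "gpg -b zsh-4.2.1.tgz" writes zsh-4.2.1.tgz.sig next to the archive, and "pkg_add -s gpg" looks for that file and verifies it before asking whether to proceed. The following is an added example, not pkgsrc code and not the pkg_add(1) implementation: it reproduces the same layout (package file, signature in "<package>.sig", signature over the whole archive so the packing list and any @exec/@unexec scripts inside it are covered) with ed25519 from the Go standard library instead of gpg, and shows the four outcomes an installer must get right: good signature, signature from a key that is not the trusted packager key, archive modified after signing, and no signature file at all. The package bytes, the keys and the "zsh-4.2.1.tgz" file name are constructed for the example. One caveat the transcript hints at: gpg's "Good signature from ..." only says the signature verifies under that key; whether that key is the one you trust to sign packages is a separate decision, which this example makes explicit by passing the trusted public key into the verifier.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Every error from VerifyPackage means "do not extract, do not run @exec".
var (
	ErrNoSignature  = errors.New("no detached signature file next to the package")
	ErrBadSignature = errors.New("detached signature does not verify against the trusted key")
)

// SignPackage writes a detached signature over the whole archive to
// pkgPath+".sig", the same layout "gpg -b zsh-4.2.1.tgz" produces
// (zsh-4.2.1.tgz.sig). ed25519 stands in for gpg here; that is an assumption
// of this example, not how pkg_add signs.
func SignPackage(pkgPath string, priv ed25519.PrivateKey) (string, error) {
	data, err := os.ReadFile(pkgPath)
	if err != nil {
		return "", err
	}
	sigPath := pkgPath + ".sig"
	if err := os.WriteFile(sigPath, ed25519.Sign(priv, data), 0o644); err != nil {
		return "", err
	}
	return sigPath, nil
}

// VerifyPackage is the fail-closed check an installer runs before extracting
// anything: the .sig must exist, have the right size, and verify against a key
// the operator trusts. "Verifies under some key" is not enough.
func VerifyPackage(pkgPath string, trusted ed25519.PublicKey) error {
	data, err := os.ReadFile(pkgPath)
	if err != nil {
		return err
	}
	sig, err := os.ReadFile(pkgPath + ".sig")
	if errors.Is(err, os.ErrNotExist) {
		return ErrNoSignature
	}
	if err != nil {
		return err
	}
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(trusted, data, sig) {
		return ErrBadSignature
	}
	return nil
}

// RunScenarios builds a constructed fake package in a temp dir, signs it, and
// runs the verifier over the cases an installer must handle. It returns the
// verification outcome per case, keyed by name.
func RunScenarios() (map[string]error, error) {
	dir, err := os.MkdirTemp("", "pkgsig")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)

	// Constructed stand-ins for the packager's key and for an unrelated key.
	signerPub, signerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}

	// Constructed archive bytes; the contents do not matter to the check.
	pkg := filepath.Join(dir, "zsh-4.2.1.tgz")
	if err := os.WriteFile(pkg, []byte("not a real tgz, just bytes to sign\n"), 0o644); err != nil {
		return nil, err
	}
	if _, err := SignPackage(pkg, signerPriv); err != nil {
		return nil, err
	}

	out := map[string]error{}
	out["good"] = VerifyPackage(pkg, signerPub)
	out["wrong_key"] = VerifyPackage(pkg, otherPub)

	// Tampered archive: one byte appended after signing (e.g. an altered +CONTENTS).
	f, err := os.OpenFile(pkg, os.O_APPEND|os.O_WRONLY, 0)
	if err != nil {
		return nil, err
	}
	_, werr := f.Write([]byte{'\n'})
	f.Close()
	if werr != nil {
		return nil, werr
	}
	out["tampered"] = VerifyPackage(pkg, signerPub)

	// Missing signature: the .sig never got copied alongside the package.
	if err := os.Remove(pkg + ".sig"); err != nil {
		return nil, err
	}
	out["missing_sig"] = VerifyPackage(pkg, signerPub)
	return out, nil
}

func main() {
	res, err := RunScenarios()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, c := range []string{"good", "wrong_key", "tampered", "missing_sig"} {
		if res[c] == nil {
			fmt.Printf("%-12s ok, safe to proceed with addition\n", c)
		} else {
			fmt.Printf("%-12s REFUSE: %v\n", c, res[c])
		}
	}
}
```

The design point is that the verifier takes the trusted key as an input and treats a missing signature the same as a bad one; an installer that only verifies when a .sig happens to be present, or that accepts any key the signature validates under, gives an attacker who can replace the archive a trivial bypass.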