Re: Signed binary pkgs setup

To: Hubert Feyrer <hubertf%gmx.de@localhost>
Subject: Re: Signed binary pkgs setup
From: Martin Husemann <martin%duskware.de@localhost>
Date: Thu, 14 Oct 2021 12:49:21 +0200

On Wed, Oct 13, 2021 at 11:50:12PM +0200, Hubert Feyrer wrote:
> Hi,
> 
> > Am 13.10.2021 um 20:00 schrieb Martin Husemann <martin%duskware.de@localhost>:
> >
> >        Validity
> >            Not Before: Aug 22 16:50:00 2021 GMT
> >            Not After : Aug 22 16:50:00 2022 GMT
> 
> Wild guess: the Certificate is no longer valid?

I'm not sure I'm living that far in the past (or future).

Unfortunately it seems like gpg signed pkgs is no option here, unless someone
can describe a concept where we download the pkgbuild trust anchor key
from the root of the binary pkg repository and "somehow" automatically verify
this key against a master key that got installed with the system (and w/o
administrative overload for whoever has to sign the individual pkgbuilder
keys). The recursive chain of trust in x509 seems to be a good fit here
(even though noone really likes x509).

Martin

Follow-Ups:
- Re: Signed binary pkgs setup
  - From: Greg Troxel
- Re: Signed binary pkgs setup
  - From: Thomas Merkel

References:
- Signed binary pkgs setup
  - From: Martin Husemann
- Re: Signed binary pkgs setup
  - From: Hubert Feyrer

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: cmake radical proposal
Previous by Thread: Re: Signed binary pkgs setup
Next by Thread: Re: Signed binary pkgs setup
Indexes:

Home | Main Index | Thread Index | Old Index