MacPorts allows us to provide package archives through archive_sites, much like master_sites. I had previously been asked to use an environment variable rather than make use of archive_sites, however this no longer makes much sense to me: archives are stored in different files based on OS and architecture so there should be no issue by using the archive_sites functionality.
May interested maintainers place their public key in trunk, alongside the MacPorts key [1]? After adding the key to the public key configuration file [2] the existing functionality would be enabled for any given package signed by that maintainer. Perhaps we should have a public key rsync setup for the maintainer keys, similar to portfiles. Another option is having MacPorts Managers sign all archives with the MacPorts key (through some approval process), but this option sounds cumbersome for the time being. I'd like to start making use of this functionality. [1] ${prefix}/share/macports/macports-pubkey.pem [2] ${prefix}/etc/macports/pubkeys.conf
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ macports-dev mailing list macports-dev@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev