Darren J Moffat <[EMAIL PROTECTED]> wrote: > > > One other thing, packages (and patches) can also be signed see this URL > > > for more info on that: > > > http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5t9?a=view > > > > Thank you for this hint, but... > > > > Signing seems to be a general "problem" when dealing with OpenSolaris. > > If you only allow Sun to sign a core packages, you will not be able > > to deal with OpenSolaris needs and if you allow everyone to sign, > > yhe only advantage would be to know who did create the package. > > It isn't restricted to only using Sun issued certs at all. It is just > that the documentation talks about how to use the Sun certs as the trust > anchors because thats all that has been done so far. > > The pkgadm(1m) command allows you to specify which certificates > in the keystore are trusted, the examples on that page even show > how to do it.
So pkgadd on SchilliX could trust Sun and SchilliX certs.... this seems to be OK. > So given that I don't see that anything needs to be done for OpenSolaris > but OpenSolaris distro builders like yourself may wish to create certs > for themselves and use them. Do you know what kind of certs will work and how/where to obtain? Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) [EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org