Darren J Moffat <[EMAIL PROTECTED]> wrote:
> > > One other thing, packages (and patches) can also be signed see this URL
> > > for more info on that:
> > > http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5t9?a=view
> >
> > Thank you for this hint, but...
> >
> > Signing seems to be a general "problem" when dealing with OpenSolaris.
> > If you only allow Sun to sign a core packages, you will not be able
> > to deal with OpenSolaris needs and if you allow everyone to sign,
> > yhe only advantage would be to know who did create the package.
>
> It isn't restricted to only using Sun issued certs at all. It is just
> that the documentation talks about how to use the Sun certs as the trust
> anchors because thats all that has been done so far.
>
> The pkgadm(1m) command allows you to specify which certificates
> in the keystore are trusted, the examples on that page even show
> how to do it.
So pkgadd on SchilliX could trust Sun and SchilliX certs....
this seems to be OK.
> So given that I don't see that anything needs to be done for OpenSolaris
> but OpenSolaris distro builders like yourself may wish to create certs
> for themselves and use them.
Do you know what kind of certs will work and how/where to obtain?
Jörg
--
EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
[EMAIL PROTECTED] (uni)
[EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
