Awesome.

To keep OUR control, one shall create an FTP, re-sign all packets and update the key, or generate packets and sign with his own key, moreover update the one on his OpenBSD client.

Where are those keys?
* the <public> one on the OpenBSD client
* the <private> one on the builder

Is there a new make command in ports to sign? Like make sign? make resign?

On Fri, Jan 17, 2014 at 6:26 AM, Marc Espie <[email protected]> wrote:

> It's probably time to talk about it.
>
> Yes, we are now distributing signed packages. A lot of people have probably
> noticed because there was a key mismatch on at least one batch of signed
> packages.
>
> Obviously, we haven't finished testing yet.
>
> Don't read too much into that. "Signed packages" just means you can use
> an insecure medium, such as ftp, to download packages: if the key matches,
> it means the package hasn't been tampered with since it was signed.
>
> The cryptographic framework used to sign packages is called signify(1),
> mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo
> and I.
>
> The signing framework in pkg_add/pkg_create is much older than that, it
> was written for x509 a few years ago, but signify(1) will probably be more
> robust and way simpler. In particular, there's no "chain-of-trust", so
> you keep complete control on the sources YOU trust.
>
> Signatures should be transparent in use: the package is opened, the
> packing-list signature is checked, and then files are checksummed while
> extracted against the packing-list embedded checksums (there are provisions
> to ensure any dangerous meta-data is also encoded in the packing-list as
> @mode/@user/@group annotations).
>
> So, barring problems, you shouldn't even notice signatures.

-- 
()  ascii ribbon campaign - against html e-mail
/\
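The second half of the check described in the quoted message (files checksummed against the packing-list, dangerous metadata covered by annotations), as an added example that is not part of the thread and not pkg_add's code. It assumes the packing-list signature has already been verified with signify(1); the packing-list syntax is simplified, and `parse_plist`, `check_archive` and the sample package are hypothetical.

```python
import base64
import hashlib

def sha_b64(data: bytes) -> str:
    """Base64-encoded SHA-256 digest of a file body."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_plist(text: str) -> dict:
    """Parse a simplified packing-list into {path: {"sha": str, "mode": int}}."""
    entries, current, mode = {}, None, 0
    for line in text.splitlines():
        word = line.split()
        if not word:
            continue
        if word[0] == "@mode":            # applies to following files; bare @mode resets
            mode = int(word[1], 8) if len(word) > 1 else 0
        elif word[0] == "@sha" and current is not None and len(word) > 1:
            entries[current]["sha"] = word[1]
        elif not word[0].startswith("@"):  # a plain line names a file
            current = line.strip()
            entries[current] = {"sha": None, "mode": mode}
    return entries

def check_archive(entries: dict, files: dict) -> list:
    """Compare archive members {path: (data, mode)} with the trusted packing-list."""
    problems = []
    for path in sorted(files):
        data, mode = files[path]
        entry = entries.get(path)
        if entry is None:
            problems.append((path, "not in packing-list"))
            continue
        if entry["sha"] != sha_b64(data):
            problems.append((path, "checksum mismatch"))
        if mode & 0o6000 & ~entry["mode"]:  # setuid/setgid bit the list never declared
            problems.append((path, "undeclared setuid/setgid"))
    problems += [(p, "missing from archive") for p in sorted(set(entries) - set(files))]
    return problems

# Constructed sample package: one ordinary file, one declared setuid helper.
GOOD = {"bin/tool": (b"#!/bin/sh\necho tool\n", 0o755),
        "sbin/helper": (b"helper-binary", 0o4555)}
PLIST = "\n".join([
    "@name sample-1.0",
    "bin/tool", "@sha " + sha_b64(GOOD["bin/tool"][0]),
    "@mode 4555",
    "sbin/helper", "@sha " + sha_b64(GOOD["sbin/helper"][0]),
    "@mode",
])
ENTRIES = parse_plist(PLIST)
```

Because only the packing-list is signed, every property that matters at install time has to be derivable from it, which is why an archive member with an unlisted path or an undeclared setuid bit is rejected even when its contents hash correctly.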
