On Wed, Jan 22, 2014 at 01:46:33PM +0400, Loganaden Velvindron wrote:
> > The signing framework in pkg_add/pkg_create is much older than that, it
> > was written for x509 a few years ago, but signify(1) will probably be more
> > robust and way simpler. In particular, there's no "chain-of-trust", so
> > you keep complete control on the sources YOU trust.
>
> Can you please elaborate more on the trusting part?
>
> Both DNSSEC and RPKI have a "root anchor" that we're all supposed to trust,
> and your model is different.

There's no chain of trust. pkg_add trusts pub keys under /etc/signify that end in *pkg.pub (respectively *fw.pub for firmwares).

Put shit there -> get shit out.

The only way to get keys in there is:
- base install,
- explicitly putting keys there as root.

There's nothing more automated. Keys are not certified nor anything.
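
Since trust here rests entirely on which files sit in /etc/signify, an administrator can audit that directory directly. The script below is an added example, not part of the original message and not OpenBSD code: it lists the keys selected by the naming rule described above and flags any that a non-root user could replace. The function names and the ownership and mode criteria are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the signify key directory.
# Assumption: a key counts as "weak" when it, or the directory holding it,
# is not owned by the expected owner or is writable by group/other.

# is_weak PATH OWNER: succeed if PATH fails the ownership/mode criteria.
is_weak() {
    [ -n "$(find "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print)" ]
}

# trusted_keys DIR: print the key files selected by the naming rule
# (*pkg.pub for packages, *fw.pub for firmware). Other *.pub files are ignored.
trusted_keys() {
    for f in "$1"/*pkg.pub "$1"/*fw.pub; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# audit_signify [DIR] [OWNER]: report each trusted key; return 1 on any finding.
audit_signify() {
    dir=${1:-/etc/signify}
    owner=${2:-root}
    rc=0
    if is_weak "$dir" "$owner"; then
        echo "WEAK dir $dir"
        rc=1
    fi
    for f in "$dir"/*pkg.pub "$dir"/*fw.pub; do
        [ -f "$f" ] || continue
        if is_weak "$f" "$owner"; then
            echo "WEAK $f"
            rc=1
        else
            echo "ok   $f"
        fi
    done
    return $rc
}

# Run as: sh audit.sh audit [DIR]
if [ "${1:-}" = "audit" ]; then
    audit_signify "${2:-/etc/signify}"
fi
```

Every line printed is a key that will be accepted for package or firmware verification, so the list is worth comparing against the keys you expect from the base install and the ones you added yourself.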