Re: pkgsrc binary packages security with pkgin

To: Johnny Billquist <bqt%update.uu.se@localhost>
Subject: Re: pkgsrc binary packages security with pkgin
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Fri, 31 Jan 2020 12:37:48 +0100

On Fri, Jan 31, 2020 at 12:32:06PM +0100, Johnny Billquist wrote:
> Of course you can. But then you need to have a whole list of trusted public
> keys that needs to be managed, which again leads to the question of which
> keys are now the acceptable ones. And how to you trust new builders? Can
> anyone then be added to the list of official builders of packages, or how to
> you manage that side?
> Key management is not trivial.

Of course it's not. But this is not really a technical issue.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

Follow-Ups:
- Re: pkgsrc binary packages security with pkgin
  - From: Johnny Billquist

References:
- Re: pkgsrc binary packages security with pkgin
  - From: yarl-baudig
- Re: pkgsrc binary packages security with pkgin
  - From: Johnny Billquist
- Re: pkgsrc binary packages security with pkgin
  - From: Manuel Bouyer
- Re: pkgsrc binary packages security with pkgin
  - From: Johnny Billquist
- Re: pkgsrc binary packages security with pkgin
  - From: Manuel Bouyer
- Re: pkgsrc binary packages security with pkgin
  - From: Johnny Billquist

Prev by Date: Re: pkgsrc binary packages security with pkgin
Next by Date: Re: pkgsrc binary packages security with pkgin
Previous by Thread: Re: pkgsrc binary packages security with pkgin
Next by Thread: Re: pkgsrc binary packages security with pkgin
Indexes:

Home | Main Index | Thread Index | Old Index