NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkgsrc binary packages security with pkgin
For a quick summary from all your answers since martin's, if I may.
His answer is still perfectly valid to me.
Assuming you trust everything before, because not assuming that is confusing and counterproductive in this particular discussion,
I wanted to focus, while there is probably work there too (there is always):
- upstream softwares in pkgsrc. pkgsrc-vulnerabilities is a partial answer, right?
- packagers
- builders
So, assuming that above:
- https more trivial to use
- https only protects the link between you and binary packages server
- sigs protects from the builder to you, this adds a lot
Also, while it is relevant to compare https and signatures, security is about resilience.
There must be a valid trust chain to which add strata, if possible.
Obviously, deciding to sign packages involves asking questions about key management.
Be that as it may, the decision to believe is already made, the objective is to formalize it.
Yours sincerely
Home |
Main Index |
Thread Index |
Old Index