Subject: Re: BPG call for use cases
To: Hubert Feyrer <hubert@feyrer.de>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 07/22/2005 18:16:50
On Thu, 21 Jul 2005, Hubert Feyrer wrote:
> 2) signed binary pkgs. See pkg_add -s. I think there's room for changing the
> interface in pkg_add etc. as it's not actively used right now (as far as I
> know). Communication should happen on tech-pkg@NetBSD.org WRT that.
For pkg_add, how does this sound?
1. We include the signature in the package itself. This might be a
list of all of the files in the archive (excepting the signature
file itself), their sizes and hashes (multiple ones), the signature
itself, and the public key used to sign the package, all as an
ASCII-armored file.
2. When pkg_add detects a signature, it verifies the signature and
the hashes of all of the files. It then does something undefined
(probably involving invoking bpg routines) to decide if the
signature is trusted, and if not, it issues appropriate warnings and
asks if it should continue, or abandons the install, or whatever.
3. Something is added either to BPG (a generic tar file signer?) or
to the package creation tools to create this signature. (See also
the "generic archive signer" use case.)
This avoids dealing with the -s option at all.
cjs
--
Curt Sampson <cjs@cynic.net> +81 90 7737 2974 http://www.NetBSD.org
Make up enjoying your city life...produced by BIC CAMERA