[haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages

• From: "Haiku" <trac@xxxxxxxxxxxx>
• To: undisclosed-recipients: ;
• Date: Mon, 18 Nov 2019 15:25:23 -0000

#14927: HaikuDepot doesn't show any packages
---------------------------------------+----------------------------
   Reporter:  KapiX                    |      Owner:  apl-haiku
       Type:  bug                      |     Status:  reopened
   Priority:  normal                   |  Milestone:  Unscheduled
  Component:  Applications/HaikuDepot  |    Version:  R1/Development
 Resolution:                           |   Keywords:
 Blocked By:                           |   Blocking:
Has a Patch:  0                        |   Platform:  All
---------------------------------------+----------------------------
Comment (by pulkomandy):

 Replying to [comment:18 waddlesplash]:

For trusting the repo, sha256 is useless as long as there is no

 signing.

Uh... why? The sha256 authenticates the "repo" file as authentic, and

 the "repo" file itself contains sha256sums for the HPKG files. So as long
 as the checksum for the "repo" is retrieved from a trusted source
 securely, all subsequent downloads will also be verifiable. It's not as
 good as GPG signing, sure; but it's very close by many metrics.

 It's close only if you trust the whole transport between you and Haiku.
 It's easier to do an MITM especially when you are providing the mirror
 (you would just need to alter the "url" field, basically). Let's not hack
 around security, let's sign our package repos (GPG or whatever) and then
 we can stop worrying about how we distribute the packages. This allows
 separation of concerns: on one side we worry about signing, and on the
 other we worry, independently, about distribution. This way we don't
 multiply problems with each other.
-- 
Ticket URL: <https://dev.haiku-os.org/ticket/14927#comment:20>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.

Other related posts:

• » [haiku-bugs] [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages - Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku
• » [haiku-bugs] Re: [Haiku] #14927: HaikuDepot doesn't show any packages- Haiku

1. Home
2. haiku-bugs
3. Archive
4. 11-2019

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---