[haiku-development] Re: Design for signed packages

From: Ingo Weinhold <ingo_weinhold@xxxxxx>
To: haiku-development@xxxxxxxxxxxxx
Date: Wed, 26 Mar 2014 22:49:27 +0100

On 26.03.2014 22:25, Julian Harnath wrote:

(3) Package signing is a good idea so the user can know if a package
really originates from a certain source.


The discussed options are:

1. Always sign each individual package.

2. Sign only the repository file which contains packages hashes.

a) Don't support signing packages at all. Requires a packages tooriginate from a repository in order to be able to verify the authenticity.b) Support signing packages (optionally). Would allow e.g. third-partydevelopers to provide signed packages without a repository.

The second option only allows verifying the package authenticity (ofunsigned packages) at installation time (respectively as long as therepository file is available).


CU, Ingo

References:
- [haiku-development] Re: Design for signed packages
  - From: Julian Harnath

Other related posts:

» [haiku-development] Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Axel Dörfler
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Axel Dörfler
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Stephan Aßmus
» [haiku-development] Re: Design for signed packages- Axel Dörfler
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Rene Gollent
» [haiku-development] Re: Design for signed packages- François Revol
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Urias McCullough
» [haiku-development] Re: Design for signed packages- Rene Gollent
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Julian Harnath
» [haiku-development] Re: Design for signed packages- Ingo Weinhold
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages - Ingo Weinhold
» [haiku-development] Re: Design for signed packages- waddlesplash
» [haiku-development] Re: Design for signed packages- SMC.Collins
» [haiku-development] Re: Design for signed packages- Jonathan Schleifer
» [haiku-development] Re: Design for signed packages- Fredrik Holmqvist
» [haiku-development] Re: Design for signed packages- SMC.Collins