On 06/29/2016 14:32, Glen Barber wrote:
But you raise a good point, poudriere does not have a good way to validate the base.txz unless it also unpacks bootonly.iso (or any of the installer media) and compares the checksums.
The possible solution is that poudriere should supply a public key as a part of the package, and all binaries that it downloads are also signed with the corresponding private key.
Yuri _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pkgbase To unsubscribe, send any mail to "[email protected]"
