MacPorts allows us to provide package archives through archive_sites, much like master_sites. I had previously been asked to use an environment variable rather than make use of archive_sites, however this no longer makes much sense to me: archives are stored in different files based on OS and architecture so there should be no issue by using the archive_sites functionality.
May interested maintainers place their public key in trunk, alongside the
MacPorts key [1]? After adding the key to the public key configuration file [2]
the existing functionality would be enabled for any given package signed by
that maintainer. Perhaps we should have a public key rsync setup for the
maintainer keys, similar to portfiles.
Another option is having MacPorts Managers sign all archives with the MacPorts
key (through some approval process), but this option sounds cumbersome for the
time being.
I'd like to start making use of this functionality.
[1] ${prefix}/share/macports/macports-pubkey.pem
[2] ${prefix}/etc/macports/pubkeys.conf
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
