On Mar 26, 2011, at 10:56 AM, Joshua Root wrote: > We'd really prefer to keep base fully BSD licensed. > >> * Signed packages: I thought of it as signing at build time, with an >> GPG key. Not sure if it's the best. > > Again, OS X doesn't ship with gpg, which is why the current archive > signature verification is done with openssl. >
Given these constraints, then you might want to focus on a prepoulated openssl pubkey store framework with signing keys for binary packages. Its the functional infrastructure already implemented that is useful for binary packaging, not so much the licensing or the policy or the crypto implementations, that makes "forward" progress. 73 de Jeff _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
