Thanks. I tried 5.5 on my laptop and as I said, it works, even better than
FreeBSD 10, despite being a beta. I will switch to OpenBSD with the
release. The only other problem is that I have external/ultrabay hdds that
use lvm2, and I'll have to migrate the data, I think.

Anyway, while it's fine to only warn the user in case of an invalid
signature, it would be nice to somehow inform him of the fact that packages
are signed, are being verified (outside of the man page), and that they
passed signature checks, like, for example, yum does.

After all, https informs the user of its use, via the extra S, a lock, a
green bar.
SSH is implicitly secure, and exposes the server's fingerprint. Not
providing positive feedback might trick the user into thinking that
packages are being installed securely while working with old or
misconfigured systems.

On Tuesday 4 February 2014, Marc Espie <[email protected]> wrote:

> 2014-02-04 Kim Twain <[email protected]>:
> > Does pkg_add automatically check these signatures, or, as of now, I'd
> > need to manually download the packages, verify them with signify and
> > then install them locally with pkg_add?
>
> In -current, if you don't use any flags to pkg_add, and you don't see any
> message at the end, the packages were signed and verified.
>
> (and by default, post 5.5, pkg_add will probably error out if the packages
> are not signed if you don't use -Dunsigned !)
>
> Maybe you're already using signed packages and haven't noticed.
> (there were two or hiccups in some snapshots, but apart from that, things
> have been working great).
>
>
> Getting a streamlined process WAS the difficult part in getting signed
> packages out, NOT the technical feat of having signed packages...
>
> After all, pkg_create/pkg_add has known how to sign stuff for 3 years by
> now.
>
> signify(1) makes things more transparent: no chain of trust, pure keys.
>
> One cool thing is that the signatures are small enough that they can be
> embedded directly in the package (which already has sha256 for everything).
>
> This has the advantage of decentralization: package snapshots can be
> partially synchronized, and still each package carries its own signature.
> Less margin for strange errors -> stuff that works most of the time ->
> more trustworthy.
>
> Remember that message about ssh keys that changed that you used to get when
> admins weren't savvy about getting keys around, or all those self-signed
> https certificates you've been trained to ignore? Signatures are the same.
> If they're not 100% present by default, people will be trained to ignore
> them.
>
>
> If you think security is a technicality, you only have 1/3rd of the
> story. Getting the process right and making sure the users don't do
> anything stupid is the right part.

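The design Marc's reply describes, and the pkg_add default he mentions, as an added illustration that is not OpenBSD's own pkg_add or signify code: a manifest of sha256 hashes for every file in the package, an Ed25519 signature over that manifest carried inside the package (signify does use Ed25519, but its file formats differ), and a verifier that errors out on an unsigned package unless the caller explicitly allows it. The `Package` type, the manifest layout, the `allowUnsigned` flag standing in for `-Dunsigned`, and the sample file contents are this example's own constructions; only Go's standard library is used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

// Package is a constructed stand-in for a package archive: file contents, a
// manifest with a sha256 per file, and an optional signature embedded in it.
type Package struct {
	Files     map[string][]byte
	Manifest  string // one "sha256hex  path" line per file, sorted by path
	Signature []byte // Ed25519 signature over Manifest; nil when unsigned
}

var (
	ErrUnsigned     = errors.New("package is not signed (allowUnsigned not set)")
	ErrBadSignature = errors.New("manifest signature does not verify with the trusted key")
	ErrTampered     = errors.New("file contents do not match the signed manifest")
)

// BuildManifest produces the sha256 list the signature covers; sorting keeps it deterministic.
func BuildManifest(files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	b := ""
	for _, p := range paths {
		sum := sha256.Sum256(files[p])
		b += fmt.Sprintf("%x  %s\n", sum[:], p)
	}
	return b
}

// Sign is the pkg_create side: the signature travels inside the package, so a partially synchronised mirror still ships each package with its own proof.
func Sign(pkg *Package, priv ed25519.PrivateKey) {
	pkg.Manifest = BuildManifest(pkg.Files)
	pkg.Signature = ed25519.Sign(priv, []byte(pkg.Manifest))
}

// Verify is the pkg_add side. allowUnsigned models -Dunsigned: by default an
// unsigned package is an error, not a warning the user learns to ignore.
func Verify(pkg *Package, pub ed25519.PublicKey, allowUnsigned bool) error {
	if pkg.Signature == nil {
		if allowUnsigned {
			return nil
		}
		return ErrUnsigned
	}
	if !ed25519.Verify(pub, []byte(pkg.Manifest), pkg.Signature) {
		return ErrBadSignature
	}
	// The signature covers only the manifest; every file must still hash to it.
	if BuildManifest(pkg.Files) != pkg.Manifest {
		return ErrTampered
	}
	return nil
}

// Demo runs the cases from the thread on constructed input and returns each outcome.
func Demo() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	files := map[string][]byte{ // constructed sample package contents
		"+CONTENTS":   []byte("@name example-1.0\n"),
		"bin/example": []byte("#!/bin/sh\necho hello\n"),
	}
	out := map[string]error{}
	signed := &Package{Files: files}
	Sign(signed, priv)
	out["signed"] = Verify(signed, pub, false)
	unsigned := &Package{Files: files, Manifest: BuildManifest(files)}
	out["unsigned-default"] = Verify(unsigned, pub, false)
	out["unsigned-Dunsigned"] = Verify(unsigned, pub, true)
	// A file replaced after signing: its sha256 no longer matches the manifest.
	tampered := &Package{Manifest: signed.Manifest, Signature: signed.Signature}
	tampered.Files = map[string][]byte{
		"+CONTENTS":   files["+CONTENTS"],
		"bin/example": []byte("#!/bin/sh\necho replaced\n"),
	}
	out["tampered-file"] = Verify(tampered, pub, false)
	// Signed by a key the verifier does not trust: pure keys, no chain to fall back on.
	wrongKey := &Package{Files: files}
	Sign(wrongKey, otherPriv)
	out["wrong-key"] = Verify(wrongKey, pub, false)
	return out
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-20s %v\n", name, err) // nil means signed and verified
	}
}
```

`Demo` returns an explicit outcome for every package, including the successful one, which is the positive feedback the reply above asks for: a front end can print "signed and verified" instead of staying silent. Note that `Verify` checks the file hashes only after the signature holds, so an attacker who can alter files cannot also alter the manifest they are compared against.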