Nicolas Williams writes:
> On Thu, Jul 31, 2008 at 11:30:59AM -0700, Bart Smaalders wrote:
> > Multiply signed packages are useful, as others have pointed out, to
> > permit systems to require multiple signatures, or permit alternate
> > signatures.
> 
> I proposed having one signature by the pkg submitter, and one by the
> publication service.  The former vouching for the contents of the package
> while the latter would vouch for the dependency and other such analysis.

Do you really mean at most two signatures?

This means that if we have (say) a package created and signed by Sun,
then included into a repository signed by BigRepoCompany, then no
local IT group could sign again to say "this is the version of the
package from BigRepoCompany that you should be using here."  Or, if IT
did that, the BigRepoCompany signature would have to come off, and the
end user would lose whatever value that signature had.

If the number of signatures is greater than 1, I suspect it's just
"N."

> > The easiest way to do this is to omit all signatures from the
> > hash; adding a new signature would then not invalidate previous ones.
> 
> It might be useful to be able to include some signatures in the material
> signed by any one signature -- "nested signatures" --, as well as to
> omit some -- "parallel signatures."

I don't understand the usage case for nested signatures (don't I just
care about the bits delivered?), but at least parallel signatures
ought to be offered.

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
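
As an added illustration (not part of the original message and not the packaging project's code), this sketch contrasts the parallel and nested signatures discussed in the thread: a parallel signature hashes only the non-signature content, while a nested one also hashes the earlier signatures it names. HMAC-SHA256 with constructed keys stands in for a real public-key signature, and the manifest layout, signer keys and function names are hypothetical.

```python
import hashlib, hmac

# Constructed signer keys; HMAC-SHA256 stands in for a real public-key signature.
KEYS = {"Sun": b"k-sun", "BigRepoCompany": b"k-repo", "LocalIT": b"k-it"}

def digest(manifest, covers=()):
    """Hash every non-signature line, plus the signatures of signers in `covers`."""
    h = hashlib.sha256()
    for line in manifest["actions"]:
        h.update(line.encode() + b"\n")
    for signer in sorted(covers):
        sig = manifest["signatures"].get(signer)
        # A covered signature that has been stripped hashes as a distinct marker.
        value = sig["value"] if sig else "<missing>"
        h.update(f"sig {signer} {value}\n".encode())
    return h.digest()

def sign(manifest, signer, covers=()):
    """covers=() gives a parallel signature; naming signers gives a nested one."""
    value = hmac.new(KEYS[signer], digest(manifest, covers), "sha256").hexdigest()
    manifest["signatures"][signer] = {"covers": tuple(covers), "value": value}

def verify(manifest, signer):
    sig = manifest["signatures"].get(signer)
    if sig is None:
        return False
    expected = hmac.new(KEYS[signer], digest(manifest, sig["covers"]), "sha256")
    return hmac.compare_digest(expected.hexdigest(), sig["value"])

def verify_all(manifest, required):
    """Local policy: every signer in `required` must have a valid signature."""
    return all(verify(manifest, s) for s in required)

def demo():
    # Constructed sample manifest content.
    m = {"actions": ["file path=usr/bin/example hash=abc123 mode=0555",
                     "depend type=require fmri=pkg:/library/example"],
         "signatures": {}}
    sign(m, "Sun")                                  # parallel
    sign(m, "BigRepoCompany")                       # parallel: Sun's stays valid
    after_parallel = verify_all(m, ["Sun", "BigRepoCompany"])
    sign(m, "LocalIT", covers=["BigRepoCompany"])   # nested over the repo signature
    all_three = verify_all(m, KEYS)
    del m["signatures"]["BigRepoCompany"]           # strip the repo signature
    return after_parallel, all_three, verify(m, "Sun"), verify(m, "LocalIT")
```

`demo()` shows that any number of parallel signatures can be added without disturbing earlier ones, while stripping a signature that a nested signature covers invalidates the nested one.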
