Hi,

Just my personal reaction. The only repositories "covered" by a key and
certificate (thus using https) are Extra and HA-cluster, directly from Sun. So
these are something like "trusted".

But I think that at least Contrib and Development are ok too, thanks to this
option in the pkg tool:

 verify [-Hqv] [pkg_fmri_pattern ...]
          Validate the installation of packages in the current image.
          With -v, do more verbose reporting.  With -q, print nothing, but
          return failure if there are any verification problems.  File hashes
          are always checked.

          The -H option causes the headers to be omitted.

If I understand it correctly, the file hashes are in the manifest file with each
package. I don't know of any other option that would be what you are looking
for. But if you have the hashes, then you can build your own mirror of the
repositories with packages you have checked at least against their hash.
-- 
This message posted from opensolaris.org
_______________________________________________
opensolaris-help mailing list
opensolaris-help@opensolaris.org
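
Added example, not part of the original message or of the pkg tool: a sketch of checking a locally mirrored file tree against the hashes in a package manifest, as the message suggests. It assumes manifest `file` lines carry a SHA-1 hex digest as their second token and a `path=` attribute; the function names and sample data are constructed for illustration.

```python
import hashlib
import os
import shlex
import tempfile

def parse_file_actions(manifest_text):
    """Yield (path, expected_hex_hash) for every 'file' action line."""
    for line in manifest_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) < 2 or tokens[0] != "file":
            continue  # 'set', 'dir', 'depend' ... carry no file content hash
        attrs = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        if "path" in attrs:
            yield attrs["path"], tokens[1].lower()

def sha1_file(path):
    h = hashlib.sha1()  # assumed manifest hash algorithm
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tree(manifest_text, root):
    """Map each manifest path to 'ok', 'mismatch', 'missing' or 'outside-root'."""
    root, results = os.path.realpath(root), {}
    for rel, expected in parse_file_actions(manifest_text):
        full = os.path.realpath(os.path.join(root, rel.lstrip("/")))
        if os.path.commonpath([root, full]) != root:
            results[rel] = "outside-root"  # never follow a path out of the mirror
        elif not os.path.isfile(full):
            results[rel] = "missing"
        else:
            results[rel] = "ok" if sha1_file(full) == expected else "mismatch"
    return results

def demo():
    digest = lambda data: hashlib.sha1(data).hexdigest()  # constructed sample data below
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for name, data in (("good", b"hello\n"), ("bad", b"tampered\n")):
            with open(os.path.join(root, "usr/bin", name), "wb") as f:
                f.write(data)
        manifest = "\n".join([
            "set name=pkg.fmri value=pkg://example/demo@1.0",
            "file %s mode=0555 owner=root group=bin path=usr/bin/good" % digest(b"hello\n"),
            "file %s mode=0555 owner=root group=bin path=usr/bin/bad" % digest(b"original\n"),
            "file %s mode=0444 owner=root group=bin path=usr/bin/gone" % digest(b"x"),
            "file %s mode=0444 owner=root group=bin path=../escape" % digest(b"x"),
        ])
        return verify_tree(manifest, root)
```

A hash match only shows that a file agrees with the manifest, so the manifest itself has to come from a source you trust, such as one of the https repositories.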