* Darren J Moffat <[EMAIL PROTECTED]> [2008-02-27 10:22]:
> Stephen Hahn wrote:
> > 4.11. Security Impact:
> >
> > In the current implementation, the protocol is built atop access
> > to HTTP and/or HTTPS. Accordingly, the server side will
> > potentially listen on ports associated with those services.
> >
> > The server and client side will require access to key and
> > certificate management interfaces.
>
> I really think signed packages needs to be part of this too. Most
> (maybe all) of the competition has this capability as does the existing
> Solaris SVR4 derived pkgadd(1M) system.
>
> I know I need to find some time to put together a proposal for how this
> should be done, but I've been busy trying to finish up zfs-crypto (yeah
> I know excuses excuses).

We still plan to do signing of packages and catalogues--I'll add a short
paragraph.

- Stephen

--
[EMAIL PROTECTED] http://blogs.sun.com/sch/
