Danek Duvall wrote:
> On Mon, Jun 23, 2008 at 07:06:33PM +0200, Alexander Vlasov wrote:
>
>> Currently OpenSolaris contains complete elfsign(1) infrastructure,
>> including tools to sign/verify and keys set; however, lots of elves
>> aren't in fact signed at all. Should it be considered a bug?
>
> It's likely that only files coming from the ON and install consolidations
> (maybe a few others?) are signed. I think that the security folks would
> probably like for all ELF files to be signed, but no one's gone to the
> effort to work with the other consolidations to make that happen.
Files from all WOS consolidations should be signed, since the WOS RE's do the
signing on delivery to the WOS dock.
There's some exception lists - we don't sign various third party binaries
for instance, and I would expect everything Indiana replaces to be unsigned,
but most of the WOS bits should be signed. (I'd have to check with the
other Alan if the Indiana dock for packages like the Indiana-special X &
GNOME ones also does the signing.)
I would also expect the packages from sources other than the traditional
Solaris WOS to be unsigned - netbeans, studio, hpc, openoffice, etc.
--
-Alan Coopersmith- [EMAIL PROTECTED]
Sun Microsystems, Inc. - X Window System Engineering
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
