Danek Duvall wrote: > On Mon, Jun 23, 2008 at 07:06:33PM +0200, Alexander Vlasov wrote: > >> Currently OpenSolaris contains complete elfsign(1) infrastructure, >> including tools to sign/verify and keys set; however, lots of elves >> aren't in fact signed at all. Should it be considered a bug? > > It's likely that only files coming from the ON and install consolidations > (maybe a few others?) are signed. I think that the security folks would > probably like for all ELF files to be signed, but no one's gone to the > effort to work with the other consolidations to make that happen.
Actually that isn't true. There was a big effort for Solaris 10 and the vast majority of stuff is signed (there were a few packaging and other bugs that mean't it couldn't be 100% but it is close). > At any rate, it's got nothing to do with pkg(5). You might take it up on > security-discuss. While it isn't an issue for pkg(5) the software it may (depending on Alexander's response) be an issue for stuff that is in the pkg.opensolaris.org repository versus the SXCE builds. -- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
