Bart Smaalders wrote:
> Another interesting question is one of certificate revocation; I'm
> inclined to have repositories provide such lists and have those
> downloaded as part of catalog updates... we can also arrange for
> refreshing of manifests, etc, upon discovery of installed packages
> signed w/ revoked certs if needed.

One issue that will arise is how to discern which repository is authoritative for certificates given mirrors, etc.

Also, when an on-disk format is designed, will signing have to be specially accounted for?

Cheers,
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss