On Tue, Apr 28, 2009 at 12:26:11PM -0500, Shawn Walker wrote:
> Bart Smaalders wrote:
> >Another interesting question is one of certificate revocation; I'm
> >inclined to have repositories provide such lists and have those
> >downloaded as part of catalog updates... we can also arrange for
> >refreshing of manifests, etc, upon discovery of installed packages
> >signed w/ revoked certs if needed.
>
> One issue that will arise is how to discern which repository is
> authoritative for certificates given mirrors, etc.
There's no such problem: you can publish signing certs anywhere you like, and anyone can do it, on any mirror, bumper sticker... :) As long as the clients have the necessary trust anchors it's all OK.

Now, trust anchor management -- that's a whole 'nother ball of wax. Obviously install images should install a basic set of code signing trust anchors. But surely people will want to package up their own private code signing trust anchors. The question is: should the addition of packages that deliver trust anchors (of any kind, no?) be like that of any other pkg, or should the UI warn the user? Or is the matter moot because the user will be warned about any pkgs being added that are not signed with a cert that can be validated to an existing trust anchor?

The question is moot anyways in that any pkg that could install services that will run with sufficient privilege will be able to install new trust anchors surreptitiously anyways.

Nico
--
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
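The two points made in this exchange (where a signing cert was obtained is irrelevant as long as the client validates it against its own trust anchors, and a revocation list shipped with catalog updates must be consulted before the chain is trusted; and that the anchor store itself is the thing to protect) can be shown with a small client-side check. The following is an added example written for this page, not code from pkg(5) or from anyone on the thread. It assumes a toy model: a package is a manifest plus an ECDSA P-256 signature over its SHA-256 digest, the revocation list is a constructed set of certificate serial numbers standing in for the lists Bart describes, and all certificates are generated in-process using only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a certificate for a fresh P-256 key (constructed example data).
// With parent == nil the certificate is self-signed, i.e. a trust anchor candidate.
func newCert(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// signManifest is what a publisher does once; the signature ships with the package.
func signManifest(manifest []byte, key *ecdsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(manifest)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifyPackage is the client-side check: revocation list first, then a chain
// from the signing cert to a LOCAL trust anchor, then the manifest signature.
// Where the signing cert was downloaded from never enters into it.
func verifyPackage(manifest, sig []byte, signer *x509.Certificate, anchors *x509.CertPool, revoked map[string]bool) error {
	if revoked[signer.SerialNumber.String()] {
		return errors.New("signing certificate is on the revocation list")
	}
	opts := x509.VerifyOptions{Roots: anchors, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("signing certificate does not chain to a trust anchor: %w", err)
	}
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected signing key type")
	}
	digest := sha256.Sum256(manifest)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("manifest signature does not verify")
	}
	return nil
}

// RunScenarios builds constructed certificates and returns the verification
// outcome per scenario; a nil error means the package would be accepted.
func RunScenarios() (map[string]error, error) {
	root, rootKey, err := newCert("Distro Code Signing Root (anchor)", 1, true, nil, nil)
	if err != nil {
		return nil, err
	}
	signer, signerKey, err := newCert("pkg publisher", 2, false, root, rootKey)
	if err != nil {
		return nil, err
	}
	// A self-signed root that is NOT in the client's anchor set: it stands in
	// for a cert that some third party "published" on a mirror.
	rogueRoot, rogueRootKey, err := newCert("Mirror Operator Root", 3, true, nil, nil)
	if err != nil {
		return nil, err
	}
	rogueSigner, rogueKey, err := newCert("unknown publisher", 4, false, rogueRoot, rogueRootKey)
	if err != nil {
		return nil, err
	}
	anchors := x509.NewCertPool()
	anchors.AddCert(root)

	manifest := []byte("set name=pkg.fmri value=pkg://example/tool@1.0\nfile path=usr/bin/tool mode=0755\n") // constructed
	sig, err := signManifest(manifest, signerKey)
	if err != nil {
		return nil, err
	}
	rogueSig, err := signManifest(manifest, rogueKey)
	if err != nil {
		return nil, err
	}
	res := map[string]error{}
	res["trusted publisher"] = verifyPackage(manifest, sig, signer, anchors, nil)
	res["cert not chained to an anchor"] = verifyPackage(manifest, rogueSig, rogueSigner, anchors, nil)
	res["manifest tampered after signing"] = verifyPackage(append([]byte("#\n"), manifest...), sig, signer, anchors, nil)
	res["signing cert revoked"] = verifyPackage(manifest, sig, signer, anchors, map[string]bool{signer.SerialNumber.String(): true})
	// Nico's closing point: once something with enough privilege can add to the
	// anchor store, the "unknown" publisher verifies exactly like the distro's own.
	widened := x509.NewCertPool()
	widened.AddCert(root)
	widened.AddCert(rogueRoot)
	res["rogue root added to anchor store"] = verifyPackage(manifest, rogueSig, rogueSigner, widened, nil)
	return res, nil
}

func main() {
	res, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for name, outcome := range res {
		fmt.Printf("%-34s -> %v\n", name, outcome)
	}
}
```

The last scenario is the one that makes trust anchor delivery the sensitive operation: nothing in the verification logic can distinguish a legitimately packaged private anchor from one dropped in by a privileged service, so the integrity of the anchor store (and of whatever is allowed to write to it) is what the whole scheme rests on.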
