First a general comment, I'm really impressed with how "simple" this actually looks particularly given you have been able to use an existing archive format.

I assume when you mention ZIP as a format that was considered the JAR variant of it was too.

I really have only one comment and that is about integrity protection of the on disk format.

Lets assume for a moment that the package contents themselves are cryptographically signed so they are covered.

However the archive format version doesn't have any additional integrity protection. In particular there doesn't appear to be any protection that the index is pointing to the correct places and there doesn't appear to be any integrity protection of content like the pub.p5i file that aren't actually package contents.

Is there really a risk here ?

Compare this to what ZFS does. It uses a Merkle tree of checksums going all they way back to the uberblock.

--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss

Reply via email to