On 07/07/2010 23:43, Brock Pytlik wrote:
You have to specific both the digest (hash) algorithm and the signing
algorithm. So rsa-sha256, dsa-sha256, ecdsa-sha256 are the types of
things we expect to see now, and post 2013 we will start seeing
ecdsa-sha3.
Ok, just to make sure there's no confusion, there will be a pkg.hashalg
attribute on the action which has a value like, "sha256" and then a
pkg.sigalg attribute which has a value like "rsa-sha256", instead of "rsa".
If the intent is that the signature section only exists in signed
packages you just need pkg.sigalg=rsa-sha256, you don't need a
pkg.hashalg as well.
However if the intent is to have pkg.hashalg be used for non signed
packages then having both pkg.hashalg and pkg.sigalg present when they
are signed is fine too.
--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
