On 03/ 8/11 06:03 PM, Danek Duvall wrote:
> Shawn Walker wrote:
>> http://cr.opensolaris.org/~swalker/pkg-17961/
>
> image.py:
>
> - line 1922: why is this "or" and not "and"? How can you verify
> signatures if there are none, even if the signature policy is not
> ignore? Or is it just that in the case that one or the other is false,
> the operation will be safe and quick? (Same holds for similar code in
> pkgplan.)

There's a subtle nuance in behaviour here that I should probably add in
the comment. The behaviour is that by going through the signature
verification for the 'ignore' case, the cert data will be cached so that
if they later decide to verify the package, or change the image policy
to 'verify', the signature data will already be there.

> - line 1924: why compute sig_pol again?

Thinko.

-Shawn
_______________________________________________
pkg-discuss mailing list
pkg-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss