On 03/ 8/11 06:11 PM, Shawn Walker wrote:
> On 03/ 8/11 06:03 PM, Danek Duvall wrote:
>> Shawn Walker wrote:
>>> http://cr.opensolaris.org/~swalker/pkg-17961/
>>
>> image.py:
>>
>> - line 1922: why is this "or" and not "and"? How can you verify
>> signatures if there are none, even if the signature policy is not
>> ignore? Or is it just that in the case that one or the other is false,
>> the operation will be safe and quick? (Same holds for similar code in
>> pkgplan.)
>
> There's a subtle nuance in behaviour here that I should probably add in
> the comment. The behaviour is that by going through the signature
> verification for the 'ignore' case, the cert data will be cached so that
> if they later decide to verify the package, or change the image policy
> to 'verify', the signature data will already be there.

Sorry, just realised I left one question unanswered. It is possible to
set a signature policy that requires all packages be signed.
So if there are no signatures, then verifying the signatures will fail.
-Shawn
_______________________________________________
pkg-discuss mailing list
pkg-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
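
The guard discussed in this thread, modelled as an added example (not code from the webrev or from pkg itself): it compares the "or" guard with the "and" guard Danek asks about and reports the cases where they disagree. The class and function names, the sample certificate name, and the use of `require-signatures` as the policy that requires all packages be signed are assumptions made for the illustration.

```python
# Added illustration: a hypothetical model, not pkg(5) source code.
IGNORE, VERIFY, REQUIRE = "ignore", "verify", "require-signatures"


class SignatureError(Exception):
    pass


class Image:
    def __init__(self, policy):
        self.policy = policy
        self.cert_cache = set()  # stands in for the cached cert data

    def process_signatures(self, sig_certs):
        # Walking the signatures caches their cert data under every policy,
        # including 'ignore'.
        self.cert_cache.update(sig_certs)
        # A policy that requires signed packages fails when there are none.
        if self.policy == REQUIRE and not sig_certs:
            raise SignatureError("policy requires a signed package")


def should_process(sig_certs, policy, use_or=True):
    has_sigs = bool(sig_certs)
    if use_or:
        return has_sigs or policy != IGNORE
    return has_sigs and policy != IGNORE


def install(policy, sig_certs, use_or=True):
    """Return (outcome, cached certs) for one constructed package."""
    img = Image(policy)
    try:
        if should_process(sig_certs, policy, use_or):
            img.process_signatures(sig_certs)
        outcome = "installed"
    except SignatureError:
        outcome = "rejected"
    return outcome, sorted(img.cert_cache)


def differences():
    """Cases where the 'or' guard and the 'and' guard disagree."""
    rows = []
    for policy in (IGNORE, VERIFY, REQUIRE):
        for certs in ([], ["constructed-cert-A"]):
            a, b = install(policy, certs, True), install(policy, certs, False)
            if a != b:
                rows.append((policy, bool(certs), a, b))
    return rows
```

In this model the two guards differ in exactly two cases: a signed package under 'ignore' (only "or" caches the cert data) and an unsigned package under the require-signing policy (only "or" rejects it).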