'[haiku-bugs] Re: [Haiku] #17331: Repository signature validation in pkgman via minisign'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       haiku-bugs
Subject:    [haiku-bugs] Re: [Haiku] #17331: Repository signature validation in pkgman via minisign
From:       "Haiku" <trac () haiku-os ! org>
Date:       2023-10-31 15:58:39
Message-ID: 060.1ae1cf97d75e5f577fd4bfa422d9373c () haiku-os ! org
[Download RAW message or body]

--===============2602277103472536132==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

#17331: Repository signature validation in pkgman via minisign
----------------------------+----------------------------------------------
  Reporter:  kallisti5      |      Owner:  nobody
      Type:  enhancement    |     Status:  new
  Priority:  high           |  Milestone:  R1/beta5
 Component:  Kits/Package   |    Version:  R1/Development
  Kit                       |
Resolution:                 |   Keywords:  packages minisig security sprint
Blocked By:                 |   Blocking:
  Platform:  All            |
----------------------------+----------------------------------------------
Comment (by kallisti5):

 See https://review.haiku-os.org/c/haiku/+/7088 for a first "quick-and-
 dirty" solution. Long term this needs to be better and integrated within
 the package kit since the logic is still a little loose around "getting
 and validating minisign is valid from the repo you're about to validate"

 Fun fact.. this tool uncovered that it doesn't look like haikuports is
 properly signing repo files.
-- =

Ticket URL: <https://dev.haiku-os.org/ticket/17331#comment:4>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.
--===============2602277103472536132==--

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic