Date: Wed, 29 Jun 2016 14:46:26 -0700 From: Yuri <yuri@rawbw.com> To: Glen Barber <gjb@FreeBSD.org> Cc: freebsd-pkgbase@FreeBSD.org Subject: Re: Are signatures of system images verified? Message-ID: <5f72274d-6932-fbf2-8abd-86a865aec0d1@rawbw.com> In-Reply-To: <20160629213252.GI1453@FreeBSD.org> References: <2cde3a9e-8b4d-8c5e-408a-053710986e29@rawbw.com> <20160629213252.GI1453@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/29/2016 14:32, Glen Barber wrote: > But you raise a good point, poudriere does not have a good way to > validate the base.txz unless it also unpacks bootonly.iso (or any of the > installer media) and compares the checksums. The possible solution is that poudriere should supply a public key as a part of the package, and all binaries that it downloads are also signed with the corresponding private key. Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5f72274d-6932-fbf2-8abd-86a865aec0d1>