When it comes to security of online update mechanisms and that of
an index, TUF has a well-designed scheme to be safe regardless of
HTTP and plan for eventual leak/theft of signing keys.
I'd suggest anyone interested to have a look.
On Mon, Oct 31, 2016 at 2:18 PM, Guillaume ALAUX
wrote:
> On Mon, Oct 31, 2016 at 4:16 PM, Levente Polyak
> wrote:
>>
>> On 10/31/2016 04:03 PM, Patrick Burroughs (Celti) wrote:
>> > As a middle ground, I think it would be more reasonable (or at least,
>> > less unreasonable) to modify makepkg t
On Mon, Oct 31, 2016 at 4:16 PM, Levente Polyak wrote:
>
> On 10/31/2016 04:03 PM, Patrick Burroughs (Celti) wrote:
> > As a middle ground, I think it would be more reasonable (or at least,
> > less unreasonable) to modify makepkg to allow signing PKGBUILDs, or at
> > least parts of them. For an e
On 10/31/2016 04:03 PM, Patrick Burroughs (Celti) wrote:
> As a middle ground, I think it would be more reasonable (or at least,
> less unreasonable) to modify makepkg to allow signing PKGBUILDs, or at
> least parts of them. For an existing example, OpenBSD's signify(1) uses
> their cryptographic s
On Mon, 31 Oct 2016 15:19:40 +0100
NicoHood wrote:
> Using PGP signatures is another discussion, also the hash algorithm. I
> think we should discuss that in another post, apart from https. From
> my point of view it's highly important to use a strong hash function
> as it's highly important for t