On Sun, Oct 21, 2007 at 08:28:19PM -0700, David E. Thiel wrote:
> On Mon, Oct 22, 2007 at 10:07:33AM +0800, Adrian Chadd wrote:
> > You can't (easily) cache data over SSL. Well, you can't use an HTTP
> > proxy that doesn't break the SSL conversation and cache the updates.
> >
> > As someone who occasionally makes sure that distribution updates
> > through a Squid proxy actually caches said updates, I'd really prefer
> > you didn't stick package contents behind SSL.
>
> Fair enough.
>
> > > Now, we could take another approach of PGP-signing packages instead, but
> > > all the efforts I've seen to integrate PGP with the package management
> > > system in the past haven't gone anywhere. The changes above seem to be
> > > a bit more trivial than inventing a package-signing infrastructure and
> > > putting gpg or a BSD-licensed clone into base. Perhaps using SSL to sign
> > > packages and having a baked-in key would work as well.
> >
> > Considering it's a solved problem (mostly!) in other distributions, and
> > their updates are very cachable, why not do this?
>
> Sounds fine to me - I'll take a closer look at this. I'd still like
> to see the root CA certs merged into base so libfetch can be fixed.
> Does anyone object to just using the ones currently provided by the
> ca_root_nss port?
If we're going to have a default set, this is the right one since it's the one everyone already trusts. It would be useful to know what the security team thinks of the idea.

-- Brooks
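The design point made in the thread (sign the package so its contents can travel through an ordinary caching HTTP proxy, and let the client check the signature against a key baked into base) is illustrated here with an added example that is not code from the thread, from FreeBSD or from libfetch. It uses Ed25519 from the Go standard library in place of PGP, and the function names, the sample package bytes and the manifest layout (package name plus SHA-256 digest) are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// manifestFor builds the bytes that actually get signed: the package name and
// the SHA-256 of its contents. Binding the name prevents a cached archive for
// one package from being accepted under another package's name.
// (Hypothetical layout, chosen for this example.)
func manifestFor(name string, pkg []byte) []byte {
	digest := sha256.Sum256(pkg)
	return []byte(fmt.Sprintf("%s\nsha256=%s\n", name, hex.EncodeToString(digest[:])))
}

// generateKeys stands in for the repository's one-time key ceremony. In the
// scheme discussed in the thread only the public half ships with the base
// system; the private half never leaves the signing host.
func generateKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signPackage runs on the repository side and produces a detached signature
// that is published next to the archive. The archive itself stays plain HTTP,
// so a Squid-style proxy can cache it unchanged.
func signPackage(priv ed25519.PrivateKey, name string, pkg []byte) []byte {
	return ed25519.Sign(priv, manifestFor(name, pkg))
}

// verifyPackage is the client-side check run on whatever bytes came back from
// the (possibly caching, possibly hostile) proxy. It recomputes the manifest
// locally and verifies the detached signature against the baked-in public key.
func verifyPackage(pub ed25519.PublicKey, name string, pkg, sig []byte) error {
	if len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, manifestFor(name, pkg), sig) {
		return errors.New("package signature does not verify")
	}
	return nil
}

func main() {
	pub, priv, err := generateKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample package contents; a real archive would be a tarball.
	pkg := []byte("fake-package-contents-v1")
	sig := signPackage(priv, "example-1.0.txz", pkg)

	fmt.Println("intact archive:", verifyPackage(pub, "example-1.0.txz", pkg, sig))

	tampered := append([]byte{}, pkg...)
	tampered[0] ^= 0x01 // one flipped bit, as a proxy or attacker might introduce
	fmt.Println("tampered archive:", verifyPackage(pub, "example-1.0.txz", tampered, sig))

	fmt.Println("renamed archive:", verifyPackage(pub, "other-2.0.txz", pkg, sig))
}
```

A bare detached signature gives integrity and origin, which is what the thread is after; it does not by itself give freshness, so a client that accepts any validly signed archive could be fed an old, cacheable version with known bugs. Repositories that go this route usually sign a dated index rather than only individual packages.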