So many formats, So few packages
Bayard Bell
buffer.g.overflow at googlemail.com
Thu Apr 7 12:12:58 PDT 2011
On 7 Apr 2011, at 19:43, Daniel J. Luke wrote:
> On Apr 7, 2011, at 2:31 PM, Bayard Bell wrote:
>>
>> At the risk of being a broken record, this doesn't solve MITM, which is a substantial problem in the current architecture.
>
> I presume you mean the current 'download and use archives' architecture?
>
> You do realize that this is also not a solved problem with the current system (the portfiles aren't signed ...), right?
I sent an e-mail laying that out quite recently and have escalated it through appropriate channels, who accept that the problem also needs to be fixed for non-binary distribution.
> --
> Daniel J. Luke
> +========================================================+
> | *---------------- dluke at geeklair.net ----------------* |
> | *-------------- http://www.geeklair.net -------------* |
> +========================================================+
> | Opinions expressed are mine and do not necessarily |
> | reflect the opinions of my employer. |
> +========================================================+
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1515 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110407/faaf6d66/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110407/faaf6d66/attachment-0003.bin>
More information about the macports-dev
mailing list