So many formats, So few packages

Bayard Bell buffer.g.overflow at googlemail.com
Thu Apr 7 12:12:58 PDT 2011


On 7 Apr 2011, at 19:43, Daniel J. Luke wrote:

> On Apr 7, 2011, at 2:31 PM, Bayard Bell wrote:
>> 
>> At the risk of being a broken record, this doesn't solve MITM, which is a substantial problem in the current architecture.
> 
> I presume you mean the current 'download and use archives' architecture?
> 
> You do realize that this is also not a solved problem with the current system (the portfiles aren't signed ...), right?

I sent an e-mail laying that out quite recently and have escalated it through appropriate channels, who accept that the problem also needs to be fixed for non-binary distribution.

> --
> Daniel J. Luke                                                                   
> +========================================================+                        
> | *---------------- dluke at geeklair.net ----------------* |                          
> | *-------------- http://www.geeklair.net -------------* |                          
> +========================================================+                        
> |   Opinions expressed are mine and do not necessarily   |                          
> |          reflect the opinions of my employer.          |                          
> +========================================================+
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1515 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110407/faaf6d66/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110407/faaf6d66/attachment-0003.bin>


More information about the macports-dev mailing list