security projects thoughts
Jeff Johnson
n3npq at mac.com
Tue Apr 19 06:26:36 PDT 2011
On Apr 19, 2011, at 9:12 AM, Rainer Müller wrote:
> On 04/18/2011 04:04 PM, Jeff Johnson wrote:
>>
>> On Apr 18, 2011, at 9:40 AM, Arno Hautala wrote:
>>
>>> On Mon, Apr 18, 2011 at 06:12, Bayard Bell
>>> <buffer.g.overflow at googlemail.com> wrote:
>>>>
>>>> I've read back on the threads from March about binary packaging and
>>>> appreciate better what constraints were accepted to simplify deployment. The
>>>> signed Macports releases in distfiles that Anders pointed me to are signed
>>>> with GPG. Given that we're talking about developer tools rather than
>>>> packaging, is it reasonable to add this to the base requirements for
>>>> macports? Are people fine with the idea of using PGP with macports and
>>>> openssl with the packaging system?
>>>
>>> I'm all for more GPG adoption, but it might be a good idea to be
>>> consistent and stick with OpenSSL.
>>>
>>
>> These are opinions only, without any supplied reason to prefer OpenPGP
>> over OpenSSL. Does DSA from OpenSSL taste better to you somehow than
>> OpenPGP? Perhaps the random big numbers are "fresher" if wrapped in
>> OpenSSL than OpenPGP?
>
> OpenSSL with .pem wasn't chosen for technical but pragmatical reasons.
> Mac OS X does not ship with any PGP implementation while OpenSSL is part
> of the base install.
>
Absolutely sound pragmatic reasons. Apologies for publicly muttering, it's annoying that
the representation of big numbers is such a huge impediment to deploying crypto.
> Releases have been signed by our own GPG keys but without any master key
> to verify the signing key. All we did prove there was that a developer
> signed this binary and other people had signed his key to prove the
> developer exists as a human being ;-)
>
You have provable humans? Cool!
73 de Jeff