archive_sites in Portfiles

Jeremy Lavergne jeremy at lavergne.gotdns.org
Fri Jan 7 21:02:56 PST 2011


> As another problem, if we use keys for each maintainer, how do we make sure none of the private keys will ever be compromised (carrying around on mobile devices, tiresome typing of a passphrase, etc.)? I might be a little bit paranoid on this, but we have to consider the weakest link here.

We already trust the port maintainers to not submit trojans in their ports.

> It's not about the distribution on an external server, but in which way the archive was created.

Why can't maintainers offer their archives alongside the ones from MacPorts' MPAB?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3749 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20110108/7ab00ed4/attachment.bin>


More information about the macports-dev mailing list