ariadne
/
pkgconf
3
6
Fork 4
Code Issues 6 Pull Requests 2 Projects Releases 2 Wiki Activity

Provide signed downloads or downloads over HTTPS #98

New Issue
Closed
opened 2016-09-17 19:41:59 +00:00 by ddevault · 5 comments
ddevault commented 2016-09-17 19:41:59 +00:00 (Migrated from github.com)

Or both!

Or both!
ariadne commented 2016-09-18 22:18:07 +00:00

Would BSD signify(1) signatures be acceptable?

Would BSD signify(1) signatures be acceptable?
ddevault commented 2016-09-18 22:30:08 +00:00 (Migrated from github.com)

PGP signatures would be preferable. What's the advantage of signify?

PGP signatures would be preferable. What's the advantage of signify?
ariadne commented 2016-09-18 22:34:28 +00:00

The cryptographic primitives provided by OpenPGP are outdated, signify on the other hand uses Ed25519. On top of that, generally, maintaining a PGP key is a pain in the ass (pointless web of trust, key expiry, ASN.1 object identifiers, blah blah blah). Signify on the other hand is similar to maintaining a bitcoin wallet.

The cryptographic primitives provided by OpenPGP are outdated, signify on the other hand uses Ed25519. On top of that, generally, maintaining a PGP key is a pain in the ass (pointless web of trust, key expiry, ASN.1 object identifiers, blah blah blah). Signify on the other hand is similar to maintaining a bitcoin wallet.
ddevault commented 2016-09-18 22:35:37 +00:00 (Migrated from github.com)

I'm not convinced that the primitives have practically exploitable flaws at the moment, and signify deployment is pretty lacking. Could you consider publishing both with a long term plan for switching entirely to signify?

I'm not convinced that the primitives have practically exploitable flaws at the moment, and signify deployment is pretty lacking. Could you consider publishing both with a long term plan for switching entirely to signify?
ddevault commented 2016-09-19 03:13:36 +00:00 (Migrated from github.com)

Thanks!

Thanks!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
stable/1.8.x
feature/tap-sh
pkgconf-2.2.0
pkgconf-2.1.1
pkgconf-2.1.0
pkgconf-2.0.3
pkgconf-2.0.2
pkgconf-2.0.1
pkgconf-2.0.0
pkgconf-1.9.5
pkgconf-1.8.1
pkgconf-1.9.4
pkgconf-1.9.3
pkgconf-1.9.2
pkgconf-1.9.1
pkgconf-1.9.0
pkgconf-1.8.0
pkgconf-1.7.4
pkgconf-1.7.3
pkgconf-1.7.2
pkgconf-1.7.1
pkgconf-1.7.0
pkgconf-1.6.3
pkgconf-1.6.2
pkgconf-1.6.1
pkgconf-1.6.0
pkgconf-1.5.4
pkgconf-1.5.3
pkgconf-1.5.2
pkgconf-1.5.1
pkgconf-1.4.2
pkgconf-1.4.1
pkgconf-1.4.0
pkgconf-1.3.90
pkgconf-1.3.12
pkgconf-1.3.11
pkgconf-1.3.10
pkgconf-1.3.9
pkgconf-1.3.8
pkgconf-1.3.7
pkgconf-1.3.6
pkgconf-1.3.5
pkgconf-1.3.4
pkgconf-1.3.3
pkgconf-1.3.2
pkgconf-1.3.1
pkgconf-1.3.0
pkgconf-1.2.2
pkgconf-1.2.1
pkgconf-1.2.0
pkgconf-1.1.1
pkgconf-1.1.0
pkgconf-1.0.2
pkgconf-1.0.1
pkgconf-1
pkgconf-0.9.12
pkgconf-0.9.11
pkgconf-0.9.10
pkgconf-0.9.9
pkgconf-0.9.8
pkgconf-0.9.7
pkgconf-0.9.6
pkgconf-0.9.5
pkgconf-0.9.4
pkgconf-0.9.3
pkgconf-0.9.2
pkgconf-0.9.1
pkgconf-0.9.0
pkgconf-0.8.12
pkgconf-0.8.11
pkgconf-0.8.10
pkgconf-0.8.9
pkgconf-0.8.8
pkgconf-0.8.7
pkgconf-0.8.6
pkgconf-0.8.5
pkgconf-0.8.4
pkgconf-0.8.3
pkgconf-0.8.2
pkgconf-0.8.1
pkgconf-0.8
pkgconf-0.7
pkgconf-0.6
pkgconf-0.5.3
pkgconf-0.5.2
pkgconf-0.5.1
pkgconf-0.5
pkgconf-0.4
pkgconf-0.3
pkgconf-0.2
pkgconf-0.1.1
pkgconf-0.1
Labels
Clear labels   
bug
   
duplicate
   
enhancement
   
invalid
   
question
   
wontfix
No Label
bug
duplicate
enhancement
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ariadne/pkgconf#98
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?