[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Signed packages and translations

Just a couple of ideas. Looks good...

> The basic idea is to accompany each member in a .deb file with another file
> that contains an OpenPGP signature for this file. This signature file need
> not be ascii armored since this would only introduce transmission overhead
> and gain nothing. 

You could also have multiple signatures if you wanted (sponser and sponsee)
or maybe have katie/dinstall/automuilder/whatever also give a sig.

> The file name for this file is constructed from the
> original filename as follows:
> 
> If the original filename is no more than sizeof(ar_name)-2 bytes long, ".s"
> is appended to it. If it is longer, the part of the file name before the
> first dot or dash is truncated so that the ".s" suffix will fit. If the
> first component would disappear, the component after the first dot will be
> used and so on.

You spend an awful lot of this document dealing with this. According to the
ar manpage, GNU ar can deal with any length filenames. Other ar can only
deal with 15 or 16 character names. Note that "control.tar.gz.s" is 16
characters and thus may not work anyway.

Maybe we should check if we use any GNUisms with ar and if so, just put the
full name in, since it won't work elsewhere anyway.

If we don't want that then I have another idea. Replace the whole .tar.gz
extension with .sig.

Can you store multiple signitures in the same file?

> Drawbacks:
> 
>  - Once you have a larger number of members in an archive, verifying the
>    signatures on each of them can be very time-consuming. Thus it is
>    recommended to have a "trusted" path from which packages can be
>    installed without checking (see "Transition" below).

Isn't security worth any price in processing power? MHz is getting cheaper
anyway. And I would have thought that signiture checking would be I/O bound
rather than CPU bound.

> Step 3: Translations
> ----------------------------------------------------------
> 
> Translations are added inside special member archives which have their name
> derived from control.tar.gz by a) prepending "_t" during the transitional
> period and b) appending their locale name to the first component
> ("control"), separated by a dash. If the resulting name exceeds
> sizeof(ar_name) bytes, the first component is shortened accordingly (but
> never the locale name):

I'd be tempted to go with either "lang-de.tar.gz" or even just
"de_AT.tar.gz" with optional underscoring.

> Transition:
> 
>  - (after two releases) Make the "final" file names the default in
>    dpkg-deb.
>  - (after four releases, optional) Drop support for the transitional file
>    names.

The end looks cut off to me. Is there no epilogue?
-- 
Martijn van Oosterhout <kleptog@svana.org>
http://svana.org/kleptog/
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.
Reply to: