Opened 3 years ago

#56034 new enhancement

Move binary archive signing public key to ports tree

Reported by: neverpanic (Clemens Lang) Owned by:
Priority: Normal Milestone: MacPorts Future
Component: base Version:
Keywords: Cc: raimue (Rainer Müller)
Port:

Description

The binaries we build are associated with the ports tree they were built from. If there were multiple ports trees configured in your installation, they should not be able to sign each other's archives, so a signing public key should be a property of a ports tree, rather than being shipped with base as we currently do.

In the long run, adding a new ports tree should be simplified by offering a new command, and this command should prompt users to trust this key.

Change History (0)

Note: See TracTickets for help on using tickets.