Re: [Gnu-arch-users] crypto signing take 2

[Tom Lord]

    > From: Karel Gardas <address@hidden>

    > > Where can I read about it and why do you think it is important?

    > www.openssl.org, download, compile, install, and run "openssl smime help"
    > -- you will also need to generate your key and certificate and also your
    > own certificate authority for the experiments. 

I think not.  (Both on general principles and because I already spent
N+1 hours today finding the magic combinations of prerequisit-package
version numbers and configure options to get q-agent installed. [*])


    > In fact I do not care about x509 support a lot now, I just think that it
    > would be sad to design tla support for crypto signatures non-extensible
    > and for better testing extensibility, it's great to use two different
    > technologies :-)

I agree in principle but sometimes trying to form the generalizations
up front is more trouble than it's worth.  The general approach that
we're talking about doesn't preclude future extension/generalization.


-t


[*] It's funny, from my perspective, when people talk about using
    q-agent in order to keep the "TCB" small.   Geeze, I only had to 
    install about 10MB of new source (including an out of date version
    of one package) just to get it to compile.

    And all that for a server program and wrapper that should be, at
    _most_, 10 pages of very portable unix code.

    You really don't appreciate how incredibly _bad_ the portability
    and excessive interdependencies of free software has become until
    you're installing it on something other than the very small number
    of platforms that most people use.