Re: [Plash] Packaging system (was: Plash Wiki)

plash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Packaging system (was: Plash Wiki)

From:	Thomas Leonard
Subject:	Re: [Plash] Packaging system (was: Plash Wiki)
Date:	Wed, 28 Mar 2007 21:48:13 +0100

On 3/10/07, Thomas Leonard <address@hidden> wrote:

On 3/8/07, Mark Seaborn <address@hidden> wrote:
[...]
> To clarify, I meant the sort of trust you're referring to here.  When
> I launch gedit I want to be sure that I am getting a program that was
> signed by the public key I specified when I installed gedit,

I agree. The trust database should record which domains the key is
trusted for. Then the 'confirm trust' box can say "Note: you already
trust this key for software from XXX.org" when confirming a key for
YYY.org.


I've done a bit of work on this now. The new confirmation dialog looks
like this:

http://0install.net/screens/trust-domain.png

By default, the domain in which a key is trusted is currently the host
part of the feed URL. So, if you run ROX-Filer, Edit and 0compile then
you'll be asked to accept my key twice (for rox.sourceforge.net and
for 0install.net). On the second time, it will tell you that you
already trust it in the other domain.

If you want it more fine-grained, adjust "trust.domain_from_url()" to taste.


--
Dr Thomas Leonard               http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1

[Prev in Thread]

Current Thread

[Next in Thread]

[Plash] Packaging system (was: Plash Wiki), Mark Seaborn, 2007/03/08
- Re: [Plash] Packaging system (was: Plash Wiki), Thomas Leonard, 2007/03/10
  - Re: [Plash] Packaging system, Mark Seaborn, 2007/03/11
    - Re: [Plash] Packaging system, Thomas Leonard, 2007/03/17
  - Re: [Plash] Packaging system (was: Plash Wiki), Thomas Leonard <=

Prev by Date: Re: [Plash] Packaging system
Previous by thread: Re: [Plash] Packaging system
Index(es):
- Date
- Thread