perfsonar-dev - Re: [pS-dev] signing packages
Subject: perfsonar development work
- From: Nicolas Simar <>
- To: Sasa Cavara <>, Anton Antonov <>
- Cc: Verena Venus <>, Gijs Molenaar <>, "" <>, Systems <>, Nina Jeliazkova <>
- Subject: Re: [pS-dev] signing packages
- Date: Wed, 01 Oct 2008 10:47:52 +0200
Hi Anton,
can you please create the following email address:
-
and add behind it
and
Best regards,
Nicolas
Sasa Cavara wrote:
> On Tue, Sep 30, 2008 at 05:06:00PM +0200, Verena Venus wrote:
>> Hi Gijs,
>>
>
> Hi gang,
>
> Then let's get the ball rolling..
>
>> On Tuesday, 30 September 2008 16:39:07, Gijs Molenaar wrote:
>>> I never talked about this, but it is actually something that should be
>>> done. I was trying to do this with Loukik a couple of months ago, but
>>> Loukik is gone (may he rest in peace). I don't have the time to do this
>>> anymore now, but I thought it would be good to share my idea about this.
>>>
>>> To resolve the 'package is not signed' error/warning during package
>>> installation from the repository do the following:
>>>
>>> 1> let somebody create a perfsonar key email address
>>> (
>>> or
>>> whatever) and let this forward to you and other people responsible for
>>> security/packages/repository.
>
> Nicolas, who should I contact (or you can do it :D) in order to get this
> address created.
>
>
> (
> as backup option) sounds good.
>
> could be backup option :). After that I can start with PGP stuff :)
>
> take care,
>
>>> 2> Create a PGP key pair with this e-mail
>>>
>>> 3> Put the public key on the downloads server
>>>
>>> 4> Sign the RPMs and DEBs with the (private) key (see man pages of rpm
>>> and dpkg)
>>>
>>> 5> Modify installation instructions so that people add the public
>>> perfsonar key to their yum/apt config.
>>>
>>> For example virtualbox does it like this (www.virtualbox.org) for debian:
>>> wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -
>>>
>>> This is also possible for yum.
>>>
>>> 5> Put the signed packages in the repository.
>>>
>>> 6> Put the key on a _safe_ place and _don't_ lose it or get it
>>> compromised.
>>>
>>> If this is too difficult to do, or time is too short, you can add the
>>> --nogpgcheck option to yum to install the packages anyway, but this is
>>> UGLY and not secure.
>> In fact, that's the only way to make it work right now, and I would appreciate
>> it if we could get rid of this.
>>
>> If Sasa is taking care of the PGP stuff it should be no problem to use it for
>> this release. I don't think it is that time-consuming or complicated
>> for developers to sign a package :)
>>
>> Regards,
>> Verena
>> --
>> Verena Venus, DFN-Labor
>> Friedrich-Alexander-Universität Erlangen-Nürnberg
>> Regionales RechenZentrum Erlangen (RRZE)
>> Martensstraße 1, 91058 Erlangen, Germany
>> Tel. +49 9131 85-28738, -28800, Fax +49 9131 302941
>>
>>
>> www.win-labor.dfn.de
>
--
Nicolas
______________________________________________________________________
Nicolas Simar
Network Engineer
DANTE - www.dante.net
Tel - BE: +32 (0) 4 366 93 49
Tel - UK: +44 (0)1223 371 300
Mobile: +44 (0) 7740 176 883
City House, 126-130 Hills Road
Cambridge CB2 1PQ
UK
_____________________________________________________________________
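
The key-pair, publish, sign and client-import steps quoted above, as an added example that is not part of the original thread or of perfSONAR's own tooling. It assumes GnuPG 2.1.13 or later, uses a placeholder identity and a constructed file, and signs that file with a detached signature as a stand-in for rpm/dpkg package signing.

```shell
#!/bin/sh
# Constructed demo of the sign/publish/verify flow. Requires GnuPG 2.1.13 or later.
# The identity, file names and payload are placeholders, not perfSONAR's.
KEY_EMAIL='packages@example.org'
KEY_UID="Example Repo Signing Key <$KEY_EMAIL>"

# Run gpg against one isolated keyring directory, non-interactively.
g() { home=$1; shift; gpg --homedir "$home" --batch --quiet "$@" 2>/dev/null; }

# Steps 2-3: generate the key pair on the signing host, export only the public half.
# The empty passphrase is only so the demo runs unattended; step 6 applies to a real key.
make_repo_key() {   # $1 signer keyring dir, $2 public key output file
    g "$1" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$KEY_UID" default default 1y &&
    g "$1" --armor --output "$2" --export "$KEY_EMAIL"
}

# Step 4 stand-in: detached signature over a file (rpm and dpkg have their own tools).
sign_file() {       # $1 signer keyring dir, $2 file to sign
    g "$1" --yes --pinentry-mode loopback --passphrase '' \
        --armor --output "$2.asc" --detach-sign "$2"
}

# Step 5: what a client does once it has fetched the published public key.
client_import() { g "$1" --import "$2"; }            # $1 client keyring dir, $2 key file
client_verify() { g "$1" --verify "$2.asc" "$2"; }   # $1 client keyring dir, $2 file

demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/signer" "$work/client"
    pkg="$work/example-package.bin"
    printf 'constructed stand-in for a package payload\n' > "$pkg"
    make_repo_key "$work/signer" "$work/repo-key.asc" && sign_file "$work/signer" "$pkg" ||
        { rm -rf "$work"; return 1; }
    # Before the key is imported the client cannot check the signature at all.
    client_verify "$work/client" "$pkg" && out="nokey=accepted" || out="nokey=rejected"
    client_import "$work/client" "$work/repo-key.asc"
    client_verify "$work/client" "$pkg" && out="$out signed=accepted" || out="$out signed=rejected"
    # Any change to the file after signing must make verification fail.
    printf 'modified in transit\n' >> "$pkg"
    client_verify "$work/client" "$pkg" && out="$out tampered=accepted" || out="$out tampered=rejected"
    gpgconf --homedir "$work/signer" --kill gpg-agent 2>/dev/null || :
    rm -rf "$work"
    echo "$out"
}
demo
```

The last check is the one that `--nogpgcheck` gives up: with verification disabled, the modified file would install like the genuine one.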