
perfsonar-dev - Re: [pS-dev] signing packages

Subject: perfsonar development work

  • From: Sasa Cavara <>
  • To: Nicolas Simar <>
  • Cc: Anton Antonov <>, Verena Venus <>, Gijs Molenaar <>, "" <>, Systems <>, Nina Jeliazkova <>
  • Subject: Re: [pS-dev] signing packages
  • Date: Wed, 1 Oct 2008 15:05:37 +0200

On Wed, Oct 01, 2008 at 10:47:52AM +0200, Nicolas Simar wrote:
> Hi Anton,
>
> can you please create the following email address:
> -
>

I guess that we are going to go with
.


>
> and add behind it
>
> and
>
>
> Best regards,
> Nicolas
>
> Sasa Cavara wrote:
> > On Tue, Sep 30, 2008 at 05:06:00PM +0200, Verena Venus wrote:
> >> Hi Gijs,
> >>
> >
> > Hi gang,
> >
> > Then let's get the ball rolling..
> >
> >> On Tuesday, 30 September 2008 16:39:07, Gijs Molenaar wrote:
> >>> I never talked about this, but it is actually something that should be
> >>> done. I was trying to do this with Loukik a couple of months ago, but
> >>> Loukik is gone (may he rest in peace). I don't have the time to do this
> >>> anymore now, but I thought it would be good to share my idea about this.
> >>>
> >>> To resolve the 'package is not signed' error/warning during package
> >>> installation from the repository do the following:
> >>>
> >>> 1> let somebody create a perfsonar key email address
> >>> (
> >>> or
> >>> whatever) and let this forward to you and other people responsible for
> >>> security/packages/repository.
> >
> > Nicolas, who should I contact (or you can do it :D) in order to get this
> > email
> > address created.
> >
> >
> > (
> > as backup option) sounds good.
> >
> > could be backup option :). After that I can start with PGP stuff :)
> >
> > take care,
> >
> >>> 2> Create a PGP key pair with this e-mail
> >>>
> >>> 3> Put the public key on the downloads server
> >>>
> >>> 4> Sign the RPMs and DEBs with the (private) key (see man pages of rpm
> >>> and dpkg)
> >>>
> >>> 5> Modify installation instructions so that people add the public
> >>> perfsonar key to their yum/apt config.
> >>>
> >>> For example virtualbox does it like this (www.virtualbox.org) for
> >>> debian:
> >>> wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc
> >>> -O- | sudo apt-key add -
> >>>
> >>> This is also possible for yum.
> >>>
> >>> 5> Put the signed packages in the repository.
> >>>
> >>> 6> Put the key on a _safe_ place and _don't_ lose it or get it
> >>> compromised.
> >>>
> >>> If this is too difficult to do, or time is too short, you can add the
> >>> --nogpgcheck option to yum to install the packages anyway, but this is
> >>> UGLY and not secure.
> >> In fact, that's the only way to make it work right now, and I would
> >> appreciate
> >> it, if we could get rid of this.
> >>
> >> If Sasa is taking care of the PGP stuff it should be no problem to use
> >> it for
> >> this release. I don't think it is that much time consuming or
> >> complicated
> >> for developers to sign a package :)
> >>
> >> Regards,
> >> Verena
> >> --
> >> Verena Venus, DFN-Labor
> >> Friedrich-Alexander-Universität Erlangen-Nürnberg
> >> Regionales RechenZentrum Erlangen (RRZE)
> >> Martensstraße 1, 91058 Erlangen, Germany
> >> Tel. +49 9131 85-28738, -28800, Fax +49 9131 302941
> >>
> >>
> >> www.win-labor.dfn.de
> >
>
> --
> Nicolas
> ______________________________________________________________________
>
> Nicolas Simar
> Network Engineer
>
> DANTE - www.dante.net
>
> Tel - BE: +32 (0) 4 366 93 49
> Tel - UK: +44 (0)1223 371 300
> Mobile: +44 (0) 7740 176 883
>
> City House, 126-130 Hills Road
> Cambridge CB2 1PQ
> UK
> _____________________________________________________________________
>
>
>
>

--
Sasa Cavara
[C]roatian [A]cademic and [R]esearch [Net]work
mob: +385-91-1450-222
tel: +385-1-6661-792
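
The key workflow discussed in this thread (create a key pair, publish only the public half, sign, have clients verify), as an added example that is not part of the original messages or of perfSONAR's tooling. It assumes GnuPG 2.1 or later; the user ID, address and "package" file are constructed placeholders, and a plain detached signature stands in for the rpm and dpkg signing commands the thread refers to.

```shell
#!/bin/sh
# Added example: signer and client use separate keyrings, as a repository
# maintainer and an installing host would. All names are placeholders.

sign_and_verify() {
    work=$(mktemp -d /tmp/sigdemo.XXXXXX) || return 1
    signer="$work/signer"; client="$work/client"
    mkdir -m 700 "$signer" "$client" || return 1

    # Step 2: key pair for the role address. The empty passphrase is for
    # this throwaway demo only; a real signing key must be protected.
    gpg --homedir "$signer" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Example Repo Signing <packages@example.invalid>' 2>/dev/null || return 1

    # Step 3: only the public half leaves the signer's keyring.
    gpg --homedir "$signer" --batch --armor --export > "$work/repo-key.asc" || return 1

    # Step 4 (stand-in): detached signature over a constructed file.
    printf 'constructed package payload\n' > "$work/pkg.bin"
    gpg --homedir "$signer" --batch --quiet --armor --detach-sign \
        -o "$work/pkg.bin.asc" "$work/pkg.bin" 2>/dev/null || return 1

    # Step 5: the client imports the published public key, nothing else.
    gpg --homedir "$client" --batch --quiet --import "$work/repo-key.asc" \
        2>/dev/null || return 1

    # Untouched file: the signature must verify.
    if gpg --homedir "$client" --batch --verify "$work/pkg.bin.asc" \
        "$work/pkg.bin" 2>/dev/null
    then good=accepted; else good=rejected; fi

    # One byte appended after signing: verification must now fail. This is
    # the check that --nogpgcheck switches off.
    printf 'x' >> "$work/pkg.bin"
    if gpg --homedir "$client" --batch --verify "$work/pkg.bin.asc" \
        "$work/pkg.bin" 2>/dev/null
    then bad=accepted; else bad=rejected; fi

    # Stop the agent started for the signer keyring, then clean up.
    gpgconf --homedir "$signer" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    printf 'good=%s tampered=%s\n' "$good" "$bad"
}

sign_and_verify
```
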


