Packages signing
comtihon commented
Packages should be signed when loading to a remote cache.
The signature should be checked when downloading them.
comtihon commented
Option 1: use a simple package hash
On client side:
- enot should be able to calculate package.ep hash
- dep can be specified by name/namespace and hash (instead of tag/branch)
- after downloading, the package hash should be checked
On server side:
- enot builder should calculate hashes of packages and store in the database
- enot builder should be able to find and render package by its name/namespace and hash
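A sketch of the client-side check from Option 1, as an added example that is not part of the issue or enot's own code. It assumes SHA-256 and a hypothetical `PinnedDep` spec (name/namespace plus hash); the sample package bytes and names are constructed.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass

class HashMismatch(Exception):
    """Downloaded package does not match the hash pinned in the dep spec."""

@dataclass(frozen=True)
class PinnedDep:
    # Hypothetical dep spec: name/namespace plus hash instead of tag/branch.
    namespace: str
    name: str
    sha256: str  # assumption: SHA-256 as lowercase hex; the issue names no algorithm

def package_hash(path: str, chunk_size: int = 65536) -> str:
    """Stream the file so a large package.ep is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(dep: PinnedDep, path: str) -> str:
    """Return path if the file matches the pin; otherwise delete it and raise."""
    expected = dep.sha256.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError(f"{dep.namespace}/{dep.name}: pinned hash is not SHA-256 hex")
    actual = package_hash(path)
    if not hmac.compare_digest(actual, expected):
        os.remove(path)  # never leave an unverified package in the local cache
        raise HashMismatch(f"{dep.namespace}/{dep.name}: expected {expected}, got {actual}")
    return path

def demo() -> tuple:
    """Constructed sample: a fake package.ep checked against a good and a bad pin."""
    path = os.path.join(tempfile.mkdtemp(), "package.ep")
    with open(path, "wb") as f:
        f.write(b"constructed package bytes")
    good = PinnedDep("example_ns", "example_dep", package_hash(path))
    ok = verify_download(good, path) == path
    try:
        verify_download(PinnedDep("example_ns", "example_dep", "0" * 64), path)
        rejected = False
    except HashMismatch:
        rejected = True
    return ok, rejected, os.path.exists(path)  # file is removed after the mismatch
```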