DelphiPackageManager / PackageManagerRFC

Delphi Package Manager RFC
Apache License 2.0

Package Signing #3

Open vincentparrett opened 5 years ago

vincentparrett commented 5 years ago

Package Authors will be able to cryptographically sign their packages, such that the authenticity and integrity of the package can be verified.

The mechanism for this has not been determined yet; this is something that NuGet introduced recently.

This is really only practical once we have a public package registry up and running.

code-kungfu commented 5 years ago

Utilize GPG to sign the packages as we do with Debian Linux packages? Maybe interface with keybase.io?

vincentparrett commented 5 years ago

@code-kungfu something like that. I'm leaning towards code signing like NuGet does:

https://docs.microsoft.com/en-us/nuget/reference/signed-packages-reference

bogdanpolak commented 5 years ago

X.509 in Delphi? Can anyone suggest an open source library for Delphi that supports this? CAPICOM has been declared deprecated (it supports only the 32-bit version).

vincentparrett commented 5 years ago

There are native Windows APIs for X.509; however, I've not used them in Delphi.

https://docs.microsoft.com/en-au/windows/desktop/api/wincrypt/