From e6ba699929cd7b6da327fe470bd18ab5ae36cd17 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 20 Feb 2017 20:33:56 +0000 Subject: [PATCH] . --- Posts/Conex | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Posts/Conex b/Posts/Conex index b1388af..c34be73 100644 --- a/Posts/Conex +++ b/Posts/Conex @@ -99,7 +99,6 @@ has a good overview of attacks and threat model, both of which are shared by con - Tool to approve a PR (for janitors) - Camelus like opam-repository check bot - Integration into release management systems -- Testing of opam2 [`repository validation command`](http://opam.ocaml.org/doc/2.0/Manual.html#configfield-repository-validation-command) and `conex_verify` ## Getting started @@ -107,10 +106,10 @@ At the moment, our [opam repository](https://github.com/ocaml/opam-repository) does not include any metadata needed for signing. We're in a bootstrap phase: we need you to generate a keypair, claim your packages, and approve your releases. -We cannot verify the repository yet, but opam2 will have support for a +We cannot verify the main opam repository yet, but opam2 has support for a [`repository validation command`](http://opam.ocaml.org/doc/2.0/Manual.html#configfield-repository-validation-command), builtin, which should then call out to `conex_verify` (there is a `--nostrict` -flag for the impatient). +flag for the impatient). There is also an [example repository](https://github.com/hannesm/testrepo) which uses the opam validation command. To reduce the manual work, we analysed 7000 PRs of the opam repository within the last 4.5 years (more details [here](https://hannes.nqsb.io/Posts/Maintainers). @@ -385,8 +384,8 @@ and above) for digest computation and verification of the RSA-PSS signature. The goal is to use the opam2 provided hooks, but before we have signatures we cannot enable them. -See [this testrepo](https://github.com/hannesm/testrepo) for some verification -experiments. +See the [example repository](https://github.com/hannesm/testrepo) for initial +verification experiments, and opam2 integration. I'm interested in feedback, please open an issue on the [conex repository](https://github.com/hannesm/conex). This article itself is stored as