conex
Establish trust in community repositories
Conex is a utility to verify and attest the release integrity and authenticity of community repositories through the use of cryptographic signatures (RSA-PSS-SHA256). It is based on The Update Framework (TUF), especially the TUF CCS 2010 paper, and adapted to the requirements of the opam repository.
Developers sign their release checksums and build instructions. A quorum (with a configurable threshold) of repository maintainers signs the relation between a package name and its developer key. These repository maintainers are enrolled by a quorum of offline root keys.
The TUF spec has a good overview of attacks and threat model, both of which are shared by conex.
Author | Hannes Mehnert <hannes@mehnert.org> |
---|---|
License | BSD-2-Clause |
Published | |
Homepage | https://github.com/hannesm/conex |
Issue Tracker | https://github.com/hannesm/conex/issues |
Maintainer | Hannes Mehnert <hannes@mehnert.org> |
Dependencies | |
Source [http] | https://github.com/hannesm/conex/releases/download/0.10.1/conex-0.10.1.tbz sha256=8e92a9fce2133fa44f7d81211790e911a1e011a138ca56da48af50d612ed4b81 md5=1e09e8e28c4b26d5a22b3a5afd1fdc5c |
Required by
- conex-nocrypto=0.10.1