[EMAIL PROTECTED] bcc'ed.]

On Thu, Nov 13, 2008 at 02:19:26PM -0800, John Sonnenschein wrote:
> I still wholeheartedly maintain that binary-only packages ought to be
> an exception to the rule and process should try to avoid it as much as
> possible.

If you don't trust binary-only packages from random submitters (and I can't and don't blame you!) then neither should you trust binary+source packages either. Instead you should demand source submissions only (as spec files) and either accept only binary builds thereof from trusted sources or build it yourself. Of course, I doubt you'd review the sources carefully enough if you were to take the last approach, but it's nice to know that's possible.

Just to be clear: the pkgfactory project will *not* review the sources we download, not when we're talking about 100K+ pkgs.

Which brings us to: how do you establish whether you trust some piece of code from a third party when they're but one in a sea of hundreds of third parties? How do you do this in the Linux world? This is partly why TX/FMAC/FLASK matter so much (and SELinux, in the Linux space).

> That is, you ought to have a decent reason to be distributing closed-only
> packages, and people who are trusted (the people in charge of
> contrib/) should be able to vouch for your trustworthiness.

I'm pretty sure that we'll find a way to link every pkg that the pkgfactory contributes to the spec file that we used to build it. So you'll be able to get the sources and review and build them if you like.

> Letting some random user upload an unknown and untrusted binary is a
> recipe for disaster

No more than an automated pkg build system applied to everything it manages to build. We're doing just that.

Enterprise customers will not install bits from /contrib, except where Sun or someone they trust are willing to vouch for it (think Cool Stack). /contrib is not aimed at enterprise users.

Nico
--
_______________________________________________
indiana-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/indiana-discuss
