* Darren Reed <Darren.Reed at Sun.COM> [2008-07-30 19:45]: > Stephen, > > I've updated the issues files with the questions from the meeting > this morning and made a brief note of the answers that I could > remember. > > There were two questions I had from the discussion that I didn't > bring up at the time: > > djr-3 Can package authorities be discovered rather than configured? > > djr-5 If multiple catalogues/depots are available, how does IPS choose > which one to use if they are publishing conflicting information? > > For djr-3, I'm thinking along the lines of using multicast discovery on > your local LAN or corporate WAN/LAN or maybe clues via DHCP or > even a special DHCP tag or ...
Yes, we think multicast discovery is very interesting for discovering local depots. We'd also like to have a means for one repository to offer pointers to other interesting repositories, although this could be as simple as a package with a bunch of authority definitions. We'll discuss djr-5 and get a proper response, but fully adversarial repositories, presumably with legitimate cryptographic tokens, hasn't been a focus. Our model has been trust signed metadata, distrust contents. We could go further into what "trust" means, I suppose. - Stephen -- sch at sun.com http://blogs.sun.com/sch/
