On Mon, May 26, 2008 at 07:35:31PM -0500, Shawn Walker wrote: > After the thread with Peter, I am convinced that he is correct about > name alone not being sufficient for equivalence. It would appear that > equivalence and dependency provision are intertwined. As an example: > > pkg://pkg.sun.com/[EMAIL PROTECTED] > pkg://pkg.abc.com/[EMAIL PROTECTED] > pkg://pkg.xyz.com/[EMAIL PROTECTED]
These may or may not be equivalent. Fully-qualified package names might have to include the name of the packager (which need not/must not be tied to the repository name); we might also want a UUID. See also my reply to Peter about digital signatures. I don't think there can be a way to enforce a global namespace given the ability to host repositories anywhere. (There's no way to enforce a single global DNS root either. We tend to use just one on the Internet, true, but many intranets have their own root and still provide direct Internet access.) As with DNSSEC, security will have to be provided via digital signatures. Nico -- _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
