Darren J Moffat wrote:
Shawn Walker wrote:
Nicolas Williams wrote:
On Thu, Sep 10, 2009 at 06:08:59PM -0500, Shawn Walker wrote:
Nicolas Williams wrote:
- Publishers are defined by files installed by packages. Those files
At this time, I don't believe packages are the right solution; it
creates a nasty boot-strapping problem and doesn't bring much benefit.
The specific details of how publishers are added are not as important as
the UI details. The UI should require users to point at publisher
definitions, and then should require users to "validate" any publishers
which are not signed by others. The nice thing about using pkgs is that
you'll get the "publisherd spec signatures" for free via manifest
signatures, but whatever.
What boot-strapping issues? The CD image would have the relevant files
installed already, therefore it'd trust the initial set of publishers.
First of all, the whole trust/signing thing is still under design
discussion, so I'm going to ignore anything related to that because I
can't account for what isn't yet designed.
That means you are saying "don't care about security we can bolt it on
later". No can't you need to build that into the design because not
getting the security model right will have major issues later. See
below for why I think this is important, it really impacts the
terminology and the abstractions between them.
I can't account for a security model that hasn't been designed or
discussed. Nor do I feel I'm the right person to do that. As such, I'm
not interested in hypothetical security discussions surrounding
publishers, etc. or possible models to use with them. So, I'm punting
to whoever else wants to actually work on that; I'm not.
Security is not the focus of this proposal; the terminology and UI
presentation is. I'm extremely skeptical of the idea that trust models,
signatures, etc. will have any impact on the basic presentation of these
high-level concepts to users or their basic interactions with them.
My personal view is that certs, key pairs, etc. should be largely
invisible to most users, and as such, I'm treating them just as invisibly 8)
Cheers,
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
