On Fri, Sep 11, 2009 at 04:53:53AM -0500, Shawn Walker wrote:
> Darren J Moffat wrote:
> >Shawn Walker wrote:
> >>Darren J Moffat wrote:
> >>>I'm trying to understand what we actually gain by having any more 
> >>>complexity than just repository as the terminology and I'm not sure I 
> >>>get it yet.
> >>
> >>Because a repository alone isn't sufficient to express the identity of
> >                                                 ^^^^^^^^^^^^^^^^^^^^
> >
> >That is a security model concept hence my desire to include that in the 
> >discussion.
> 
> A key requirement has been that we do *not* require encryption or 
> signing so that users that are unable to use encryption or signing (due 
> to export restrictions, local laws, or other reasons) can still use the 
> system.  This means that we have to be able to express the identity of 
> packages without relying on signatures, encryption, etc.

No, it means that you need to be able to express identities that are not
authenticated as well as identities that are.  Therefore there is a tie
to the security model.

Bottom-line: by designing without security in mind, you're likely to
screw up in ways that require that you go back to the drawing board.
Spending a little more time gathering requirements and thinking about
these related problems will reduce the likelihood that you'll have to
re-design later.

IMO there is a dependency between getting the publisher model right, the
UI right, and manifest signing.  Not a strong dependency, but it'd be
wise to take a holistic approach here.  You're free to ignore our
advice, of course; from what you've said it seems likely that you will.

Nico
-- 
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
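As an added illustration of the point Nico makes above (this is not code from the IPS project or from anyone on this thread): an identity model in which the publisher/name/version claim is always expressible, and whether that claim was authenticated is a separate result that per-publisher policy then acts on. The HMAC tag standing in for a real public-key signature, the `example.org` publisher, the policy modes and every function name here are assumptions made for this example only.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from enum import Enum


class Auth(Enum):
    """Outcome of checking a manifest's origin claim."""
    AUTHENTICATED = "authenticated"      # signature present and verified
    UNAUTHENTICATED = "unauthenticated"  # no signature, or no key to check it with
    INVALID = "invalid"                  # signature present but wrong


@dataclass(frozen=True)
class PackageIdentity:
    """Who claims to publish the package and what it is. Carries no proof by itself."""
    publisher: str
    name: str
    version: str

    def fmri(self) -> str:
        # pkg(5)-style string form of the identity (format assumed for illustration).
        return f"pkg://{self.publisher}/{self.name}@{self.version}"


def _canonical_body(manifest: dict) -> bytes:
    """Serialise everything except the signature in a fixed order so both sides hash the same bytes."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag. A hypothetical stand-in for a public-key signature."""
    tag = hmac.new(key, _canonical_body(manifest), hashlib.sha256).hexdigest()
    return {**manifest, "signature": tag}


def verify_manifest(manifest: dict, publisher_keys: dict) -> tuple:
    """Return (identity, Auth). The identity is always produced; only its status varies."""
    ident = PackageIdentity(manifest["publisher"], manifest["name"], manifest["version"])
    tag = manifest.get("signature")
    key = publisher_keys.get(ident.publisher)
    if tag is None or key is None:
        # Unsigned, or signed by a publisher we hold no key for: still a usable identity,
        # just not an authenticated one.
        return ident, Auth.UNAUTHENTICATED
    expected = hmac.new(key, _canonical_body(manifest), hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, tag):
        return ident, Auth.AUTHENTICATED
    return ident, Auth.INVALID


def policy_allows(ident: PackageIdentity, auth: Auth, policy: dict) -> bool:
    """Per-publisher policy decides whether an unauthenticated identity is acceptable."""
    if auth is Auth.INVALID:
        return False  # a bad signature is never treated as "merely unsigned"
    mode = policy.get(ident.publisher, "require-signature")
    return mode == "allow-unsigned" or auth is Auth.AUTHENTICATED


if __name__ == "__main__":
    # Constructed sample data: one publisher key, one manifest, one policy.
    key = b"example-publisher-key"
    unsigned = {"publisher": "example.org", "name": "web/curl", "version": "7.19.6"}
    signed = sign_manifest(unsigned, key)
    for m in (unsigned, signed, {**signed, "version": "7.19.7"}):
        ident, auth = verify_manifest(m, {"example.org": key})
        ok = policy_allows(ident, auth, {"example.org": "allow-unsigned"})
        print(f"{ident.fmri():40} {auth.value:16} accepted={ok}")
```

The verifier never refuses to name the package; it names it and reports how much that name is worth. The decision about whether an unauthenticated identity is good enough is made by policy keyed on the publisher, which is the tie between the publisher model and manifest signing that the reply refers to.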