On 11/09/09 12:37 PM, Shawn Walker wrote:
> Nicolas Williams wrote:
>> Bottom-line: by designing without security in mind, you're likely to
>> screw up in ways that require that you go back to the drawing board.
>> Spending a little more time gathering requirements and thinking about
>> these related problems will reduce the likelihood that you'll have to
>> re-design later.
>
> No, the bottom line is that the security aspects do not have to be a
> part of the core, high-level concepts involved with a publisher,
> repository, stream, etc. They are an addition to, not a requirement
> of, those models.
>
> It is severely premature to attempt to even begin to worry about
> key/cert signing, etc. before an agreement on the very basic
> high-level concepts used has been achieved. Please stop banging the
> security drum or making wild accusations about being ignored. The
> feedback requested here is not security-related; when we're ready for
> that, the advice will be greatly appreciated.

To do security well requires that it be part of the initial, core,
design, not tacked on later. Thus it needs to be reviewed with the other
core components.

If you don't do it that way, then the chances of getting the security
right are greatly diminished.

Darren