Brock Pytlik wrote:
Shawn Walker wrote:
Nicolas Williams wrote:
I see the choices that users will make as:
- High-level choice: publishers to accept contents from
Here I don't see enough of a difference between /dev and /release to
warrant their having different publishers. But /contrib, to say
nothing of /pending, definitely should require a high-level choice.
Having them as different publishers was never intended, so I agree too ;)
I don't have strong feelings about who the publisher for contrib is.
Whether it's opensolaris.org or "community" or whatever. That decision
isn't in my pay grade as I'm sure there are lots of marketing and
political issues that many people will have strong feelings about.
However, I think there's confusion here. Fundamentally, the group that
signs/owns the osol distro,
Not everything in a repository (or maybe even a stream) needs to be
signed by the same keys and certs - the proposal out for review supports
this. Particularly for something like a contrib repository.
> and the group who signs/owns the
contrib/pending group, need to decide whether the contrib repo has the
same level of trust as the dev repo.
Agreed.
I can see arguments for both sides
of the issue. As I said, that's a political/business decision. From a
Agreed it is a deployment decision for the people setting up that
system. The needs of opensolaris.org and sun.com maybe quite different
from blastware or form
someaddonmultimedianotadoptedbyopensolarisforlegalreasons.org
technology side, there should be no reason that contrib/pending and
dev/release could not share a publisher (with contrib/pending not active
by default for example) or be part of two separate publishers. To me,
Agreed.
the answer to that question is simply the to the question "will packages
in each be signed by the same entity or not." I don't know the answer to
that question, but that seems to be the relevant one.
The manifest signing proposal allows for a lot of flexibility in this
area and doesn't tie the signing key material to a repository or stream
but to an individual package. It also allows for a given package to
have multiple different signatures.
There are at least two possible places to do the signing. The signing
happens before the publication step into the repository - this means the
developers/RE engineers doing the pkgsend have access to the private
signing keys.
The other way is that the depot server that receives the publication of
the packages has a key and cert associated with one or more of a)
repository b) stream c) the peer doing the publication (ie it holds that
developers keys). Case c) is I think unlikely but possible.
I'd say that most of that part of the discussion on when we do the
signing is more relevant to the manifest signing thread that this one.
However depending on how this thread pans out some of it could "show
through".
--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
