[packaging] Meeting next week to discuss trusted third-party repositories

Jeff Johnson n3npq at mac.com
Fri Dec 19 11:33:36 PST 2008


On Dec 19, 2008, at 2:13 PM, Thomas Leonard wrote:

<...snip...>

Thanks for the instructions.

IMHO, 0install is best-of-breed for the lightweight, AIDE-like,
package managers. The Good Dr. Leonard deserves both praise and credit
for a dead-on solid design and implementation in 0install.

LSB could do far far worse than choosing 0install for a "FedEx"
(see packaging-list archives) model package manager that almost
everyone seems to want (from my lurking on this list).

When all is said and done, packaging "trust" is only about
guaranteeing reliable, trackable, untampered, software delivery,  
nothing more.

That is the "FedEx" packaging software delivery model in 1 sentence.

Content guarantees need to be provided through other means than
"package management". The semantics for tracking maliciously tampered
software contents cannot be solved within package managers, nor should
package management attempt to solve these issues.

In most cases that I'm aware of, package management is all about
reliable delivery, not about what content is delivered, or how it's
installed, or where it's installed, or anything else. All those other
issues are important too, but have less to do with "package management".

And again, thank you for 0install!

73 de Jeff

