[packaging] Meeting next week to discuss trusted third-party repositories
Jeff Johnson
n3npq at mac.com
Fri Dec 19 11:33:36 PST 2008
On Dec 19, 2008, at 2:13 PM, Thomas Leonard wrote:
<...snip...>
Thanks for the instructions.
IMHO, 0install is best-of-breed for the lightweight, AIDE-like,
package managers. The Good Dr. Leonard deserves both praise and credit
for a dead-on solid design and implementation in 0install.
LSB could do far far worse than choosing 0install for a "FedEx"
(see packaging-list archives) model package manager that almost
everyone seems to want (from my lurking on this list).
When all is said and done, packaging "trust" is only about
guaranteeing reliable, trackable, untampered, software delivery,
nothing more.
That is the "FedEx" packaging software delivery model in 1 sentence.
Content guarantees need to be provided through other means than
"package management". The semantics for tracking maliciously tampered
software contents cannot be solved within package managers, nor should
package
management attempt to solve these issues.
In most cases that I'm aware of, package management is all about
reliable delivery,
not about what content is delivered, or how its installed, or where
its installed,
or anything else. All those other issues are important too, but have
less to
do with "package management".
And again, thank you for 0install!
73 de Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4664 bytes
Desc: not available
Url : http://lists.linux-foundation.org/pipermail/packaging/attachments/20081219/23a676ae/attachment.bin
More information about the packaging
mailing list