Re: [pkg-discuss] Package namespace, comments on

Tue, 27 May 2008 10:42:29 -0700 

A "creator/owner/group" as part of the name space would help in this
regard. This portion of the package identifier would signify what group
of packages this particular package belongs to, for instance :

pkg://opensolaris/[EMAIL PROTECTED]
pkg://blastwave/[EMAIL PROTECTED]
pkg://vendorx/[EMAIL PROTECTED]

This identifier would designate the creator/owner/group and not the
repository, reason for this being that a particular repository should be
able to host multiple "groups". This would allow repositories to be
replicated, similar to how anonymous ftp sites replicate the same set of
software currently. The ftp site you download from is irrelevant, the
path to a particular piece of software is constant though :

${pub}/gnu/appxyz  points to the same piece of software, no matter what
the host name.

Dependencies between packages from different groups can then be
satisfied from a single repository, if the repository mirrors all the
required "groups". In the case that a 3rd party would prefer to
distribute only from their own repository, this would be good too as
this would be the only repository serving that particular group.


Regards
Hein Van Der Merwe




On Tue, 2008-05-27 at 11:45 -0500, Nicolas Williams wrote:
> On Mon, May 26, 2008 at 07:35:31PM -0500, Shawn Walker wrote:
> > After the thread with Peter, I am convinced that he is correct about
> > name alone not being sufficient for equivalence. It would appear that
> > equivalence and dependency provision are intertwined. As an example:
> > 
> > pkg://pkg.sun.com/[EMAIL PROTECTED]
> > pkg://pkg.abc.com/[EMAIL PROTECTED]
> > pkg://pkg.xyz.com/[EMAIL PROTECTED]
> 
> These may or may not be equivalent.  Fully-qualified package names might
> have to include the name of the packager (which need not/must not be
> tied to the repository name); we might also want a UUID.  See also my
> reply to Peter about digital signatures.
> 
> I don't think there can be a way to enforce a global namespace given the
> ability to host repositories anywhere.  (There's no way to enforce a
> single global DNS root either.  We tend to use just one on the Internet,
> true, but many intranets have their own root and still provide direct
> Internet access.)  As with DNSSEC, security will have to be provided via
> digital signatures.  
> 
> Nico

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss

Reply via email to