On Thu, May 29, 2008 at 03:32:39PM -0700, Jordan Brown wrote: > Sounds like might you need *three* domain names in there some place, in > the fully-qualified URL case: > > - the name of the server you're retrieving from > - the name of the organization that built and signed the package and so > is responsible for the binaries > - the name of the organization that originally wrote the software and so > is responsible for the sources
Hmmm, actually, I think I see only two: - the name of the repository (for URLs) - the name of the original _packager_ The name of the organization that packaged a given instance isn't very interesting since its relevance to you will depend on your trust anchor set (policy). For URNs then there'd be one domain name. For URLs there'd be two. Exact URNs would have a hash as a URN fragment. If you care about who did the actual packaging, then add a pubkey/cert fingerprint. > (Of course, that still doesn't take into account the possibility that > there are multiple levels of source authorship.) IMO this is irrelevant. Nico -- _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
