Nicolas Williams wrote: > On Thu, May 29, 2008 at 03:32:39PM -0700, Jordan Brown wrote: >> Sounds like might you need *three* domain names in there some place, in >> the fully-qualified URL case: >> >> - the name of the server you're retrieving from >> - the name of the organization that built and signed the package and so >> is responsible for the binaries >> - the name of the organization that originally wrote the software and so >> is responsible for the sources > > Hmmm, actually, I think I see only two: > > - the name of the repository (for URLs) > - the name of the original _packager_ > > The name of the organization that packaged a given instance isn't very > interesting since its relevance to you will depend on your trust anchor > set (policy).
People seem to think it important that they have the Red Hat version of some GNU package. (Note that's two names - Red Hat, to distinguish who customized the software, did the build, and created and signed the package, and GNU to distinguish GNU make from Sun make.) At least that seemed to be how some of the people in the discussion were using the names. > For URNs then there'd be one domain name. > > For URLs there'd be two. > > Exact URNs would have a hash as a URN fragment. > > If you care about who did the actual packaging, then add a pubkey/cert > fingerprint. > >> (Of course, that still doesn't take into account the possibility that >> there are multiple levels of source authorship.) > > IMO this is irrelevant. I don't know how much needs to go into a UR[INL], but it does seem interesting to track that this is GNU make, as modified by Nico. (With as much recursion as desired, when I take the GNU-Nico make and modify it myself, et cetera. Note that this only continues as long as the branches are diverged; when I push Gnu-Nico-Jordan make back to GNU it becomes just GNU make again.) It may be that the set of interesting identification data is too large to cram into a UR[ILN] and so the actual identifier might as well be a UUID, found doing a database search on the parameters that you're interested in. Anyhow, not a topic I really want to participate in. It just seemed like there were at least three concepts of "organization name" floating around, with only ~2 slots on the UR[ILN] for them to fit into, and I wanted to point that out. _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
