On Thu, May 29, 2008 at 04:26:14PM -0700, Jordan Brown wrote: > >The name of the organization that packaged a given instance isn't very > >interesting since its relevance to you will depend on your trust anchor > >set (policy). > > People seem to think it important that they have the Red Hat version of > some GNU package. (Note that's two names - Red Hat, to distinguish who > customized the software, did the build, and created and signed the > package, and GNU to distinguish GNU make from Sun make.) At least that > seemed to be how some of the people in the discussion were using the names.
If you don't want pkgs built by me then don't allow them in your policy. I think the URNs need to be compact and useful. But if you want them to mean one thing no matter what the local policy then stuff a hash or signature fp into the URN. _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
