Nicolas Williams wrote:
On Thu, Sep 10, 2009 at 06:08:59PM -0500, Shawn Walker wrote:
Nicolas Williams wrote:
- Publishers are defined by files installed by packages. Those files
At this time, I don't believe packages are the right solution; it
creates a nasty boot-strapping problem and doesn't bring much benefit.
The specific details of how publishers are added are not as important as
the UI details. The UI should require users to point at publisher
definitions, and then should require users to "validate" any publishers
which are not signed by others. The nice thing about using pkgs is that
you'll get the "publisherd spec signatures" for free via manifest
signatures, but whatever.
What boot-strapping issues? The CD image would have the relevant files
installed already, therefore it'd trust the initial set of publishers.
First of all, the whole trust/signing thing is still under design
discussion, so I'm going to ignore anything related to that because I
can't account for what isn't yet designed.
As for boot-strapping issue, how do you think the CD image gets built?
An empty image is created, and the packages are installed into it.
The issue as I see it is that you need the package in some form to be
able to install it into an image before you know what repositories are
available, etc. Therefore, you've either created an implicit reliance
on an on-disk format that we don't have yet, or you're requiring that
anytime a user adds a new publisher that they have that information in a
package.
So, overkill, as I said. All the system needs is a .p5i file or a URI
where p5i data can be retrieved. That has the added benefit of avoiding
the reliance on an on-disk package format (that doesn't exist yet) to
pre-define publisher information, etc. And as a single, simple text-file
is far easier for administrators/users to understand and create/edit.
- Users don't define publishers.
This has been intended for a long time now as mentioned multiple times
previously on this list and other places.
Yes, there's no central document for this, sorry. But there's really
nothing different here you're proposing except delivery by packages,
which currently seems like overkill to me (as well as problematic).
That's not the only UI detail though. What becomes of /release and /dev
in a world in which we have named streams rather than just named
repositories? "Streams", or whatever you want to call them, need to be
first class objects in the UI.
I'm fairly certain what Brock has outlined has proposed that exactly.
I think if I had to summarise the proposal in a nutshell, it's simply this:
* Users shouldn't be adding/removing repositories.
* Users should just add publishers to their system (or use publishers
that were already defined on their pre-installed system); the process of
which pre-defines the available repositories, etc. from which we can
derive the available set of packages and streams.
Cheers,
--
Shawn Walker
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
