[conspire] Ehhh... Linux image problem, ya think?
Daniel Gimpelevich
daniel at gimpelevich.san-francisco.ca.us
Tue May 23 18:29:11 PDT 2006
On Tue, 23 May 2006 18:52:57 -0700, Rick Moen wrote:
> But I can envision ways to extend classic freenix package regimes to
> accomodate arbitrary non-OS-vendor sources. If you don't mind using the
> OS vendor as clearinghouse, the OS vendor's master signing key can be
> used to vouch for third-party VAR keys, which in turn are used to sign
> packages distributed to users. In the Mac OS X case, it'd be "My system
> trusts new package Foo because Apple has the maintainer signing key in
> its keyring, and so doesn't pop up a warning message." Otherwise, if
> you don't want to have the OS vendor in that role, vendor public keys
> can be made available in other ways, e.g., you trust that the printer
> driver package is really from HP because you _think_ you trust your
> nameserver and routers to get stuff from the real www.hp.com host.
> (That trust model is a little if-ey.)
Sounds rather like TC to me...
More information about the conspire
mailing list