[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Eric Nieuwland eric.nieuwland at xs4all.nl
Wed Oct 8 18:06:49 EDT 2003

I've been catching up on this thread a bit and I'm under the impression 
that there may be a mix-up on authentication needs when making packages 

First there is the maintainer of the PackMan database, who needs to be assured 
that the source can be trusted. As there can be many sources, this is a 
hard problem and ultimately would require a full-blown PKI. Now I can 
hardly imagine anyone would like to set up a PKI just for fun. PGP 
probably is the way to go here.

Then there is the end-user who has to be convinced s/he can trust the 
PackMan database and the packages obtained through it. The discussion 
on MD5/SHA-1 and SSL seems to cover that fine.

Bottom line is I would not try to implement a single mechanism and use 
it for both situations.

Just my 10c.


