
Re: Wish list: authentication.



Alexander Kjeldaas wrote:
> 
> I read the deity draft UI spec v0.1b and noticed that authentication is
> not part of the design, nor part of the wish list.

I think you misunderstand the intent of this document.  This document
only proposes a User Interface for the deity tool.  What you speak of
will be a part of the package system implementation (something this
document does not cover).

It is also not within the realm of the deity project to design nor
impose an authentication scheme upon the Debian project.

My understanding is that a general package authentication scheme is
being worked on by the Debian developers at large.  Package
authentication is tricky to design and really requires architects
that are fully versed and experienced with crypto to come up with
a system that even approaches being secure.

Rest assured that deity is committed to supporting whatever
authentication mechanism that Debian decides to adopt.

However, whatever that design may be, any authentication system 
within deity will be transparent to the users.  I suspect that the most
a user will ever see if a package fails authentication is a warning
dialog, and then will refuse to install, manage or even display said
package.

> I think authentication belongs in deity. It could be part of the local
> policy description.

Local policies deal only with the placement or deletion of files from
an installed package on that local machine.

Authentication and security issues should not, IMHO, be subject to
user tuning.  The same level of package authentication should be
preserved across all Debian tools and platforms.

The only crypto system that deity has plans for now is for the
second version of deity.  That version will allow network installation
and configuration of packages on multiple machines at once.  In this
case all communications between the different hosts will be done through
secure means (probably using something akin to ssh to authenticate the
hostname and admin user, and then encrypt the link for all further
transactions).  This mechanism has only been talked about so far, and
has not, to my knowledge, been documented yet.

To get a peek at a rough draft of the networking system proposed for
the next version of deity, check out:

    http://www.genxl.com/deity/


I hope this answers all of your questions.  Thank you for taking the
time to review and comment on the deity UI spec,

Behan

-- 
Behan Webster     mailto:behanw@verisim.com
+1-613-224-7547   http://www.verisim.com/

