Re: APT-like system for BOINC
On Wed, Dec 31, 2003 at 07:44:18PM -0800, Karl Chen wrote:
> Sure, that would be reasonable. I don't know what the policy for
> third-party application servers would be...
apt 0.6 in experimental finally checks the integrity of debs, and lets
you add any keys you want to its keyrings. It uses PGP (gpg) as the
cryptographic protocol, which has some nice perks, including the fact
that you can use the trust web to gauge the validity of keys.
Unfortunately, I don't think this would be a good solution for BOINC
because you don't want to depend on gpg for security and it probably
isn't even available on many important platforms. Even so, I like the
idea of enabling users to add the keys of sources they trust. Maybe
some 3rd party sources that sign their binaries will provide a
detached PGP signature of their BOINC key for the benefit of paranoid
This may go without saying, but please don't give any remote host too
much control, regardless of signatures. The cores ideally should run
in a sandbox (chroot(); different user account; whatever's possible on
the platform and with the privileges available) and I hope that no
provider of binaries will be given control over other aspects of the
system or the BOINC client itself.
> >> (4) System administrators?
> Okay, I'm not sure either if anything special needs to be taken
> into account. Various people claiming to manage hundreds to
> thousands of computers running SETI@home have complained about the
> BOINC system. One argument has been that IT at large
> organizations need to do a lot of internal stability testing
> before installing any software on user desktops, and automatic
> updates will subvert that.
It sounds to me like such large deployments would want to distribute
binaries from internal servers, if this is an issue.
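
The chroot()-plus-separate-account confinement suggested in the message above, as an added example that is not part of the original message or of BOINC's code. The function name `enter_sandbox`, the jail directory argument and the unprivileged UID/GID 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process before it exec()s an untrusted binary.
 * Returns 0 once confined, -1 (errno set) otherwise. Needs root to succeed;
 * on any failure the caller must not run the untrusted program. */
int enter_sandbox(const char *jail, uid_t uid, gid_t gid)
{
    if (jail == NULL || uid == 0 || gid == 0) {  /* never "drop" to root */
        errno = EINVAL;
        return -1;
    }
    /* Enter the jail first so no working directory outside it survives. */
    if (chdir(jail) != 0) return -1;
    if (chroot(".") != 0) return -1;
    if (chdir("/") != 0) return -1;
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is dropped the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is irreversible; root could otherwise leave the chroot. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s JAIL PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    /* 65534 is an assumed unprivileged account, not a value from the thread. */
    if (enter_sandbox(argv[1], 65534, 65534) != 0) {
        perror("enter_sandbox");
        return 1;
    }
    execv(argv[2], &argv[2]);  /* PROGRAM is resolved inside the jail */
    perror("execv");
    return 1;
}
```

A chroot only confines a process that has also given up root, which is why the function checks that `setuid(0)` fails before reporting success.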