[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Some interesting mails read in the last week or two .

Quoting shirish शिरीष (2013-05-25 16:10:20)
> On Sat, May 25, 2013 at 6:16 AM, Jaseem Abid <jaseemabid@gmail.com> 
> wrote:
> > I remember having a talk with Praveen while we were packaging gems 
> > for Debian - where he mentioned that often system administrators 
> > install packages only from official repos and not with gems, pip 
> > etc. Since anybody can run a PPA, how do we deal with the 
> > trust/authenticity issue? How is it being done already?
> They are/were studying something called WebID, see this thread. There 
> are also few other alternatives which are/were also discussed on the 
> parent thread as well.
> https://lists.debian.org/debian-devel/2013/05/msg01070.html
> Also the Debian Archives seem to be different than the Ubuntu PPA's 
> pretty significantly .

WebID is IMO a quite exciting emerging protocol, but the concerns raised 
at the recent Debian mailinglist thread is an important one to have 
addressed - not only for Debian but for WebID in general.

The authentication system currently used by central Debian admins (i.e. 
DAM I think) for use by non-central services is CAS.  More info about 
CAS in Debian package libapache2-mod-auth-cas and corresponding upstream 
Homepage <http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas>.

Beware, though, that CAS or WebID will only help identify _who_ offered 
some PPA/DPA/whatever - not its quality.

...but one of the features I find so very exciting about WebID is its 
ties to semantic web, which allows e.g. an independent decentralized 
"crowd-judgement" system to be setup across official and unofficial 
packages.  Imagine being able to express this:

"I want to subscribe to official stable Debian packages except those 
Jonas is involved in, if same is also offered in one of these 5 
alternative unofficial sources and rated "decent" or better by at least 
10 of my own friends or friends of friends."

Hope that helps :-)

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature

Reply to: