Re: Some interesting mails read in the last week or two .

To: debian-in <debian-dug-in@lists.debian.org>
Subject: Re: Some interesting mails read in the last week or two .
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 25 May 2013 20:48:37 +0200
Message-id: <[🔎] 20130525184837.30761.71045@bastian.jones.dk>
In-reply-to: <[🔎] CADdDZRmVW27_0tuwozaVk-ADxDq9zLXnq4DnuKM7kNEFSbvnXQ@mail.gmail.com>
References: <[🔎] CADdDZRnvzQhzvmk8uVdAdsLXdNunAfrTfUL_r46RPU4FgtnxFw@mail.gmail.com> <[🔎] CAH-tXsB2e-zn3K_j33mKtU7DzSd2gPxWSFu0X1rJkfK3+gpAbA@mail.gmail.com> <[🔎] CADdDZRmVW27_0tuwozaVk-ADxDq9zLXnq4DnuKM7kNEFSbvnXQ@mail.gmail.com>

Quoting shirish शिरीष (2013-05-25 16:10:20)
> On Sat, May 25, 2013 at 6:16 AM, Jaseem Abid <jaseemabid@gmail.com> 
> wrote:
> > I remember having a talk with Praveen while we were packaging gems 
> > for Debian - where he mentioned that often system administrators 
> > install packages only from official repos and not with gems, pip 
> > etc. Since anybody can run a PPA, how do we deal with the 
> > trust/authenticity issue? How is it being done already?
> 
> They are/were studying something called WebID, see this thread. There 
> are also few other alternatives which are/were also discussed on the 
> parent thread as well.
> 
> https://lists.debian.org/debian-devel/2013/05/msg01070.html
> 
> Also the Debian Archives seem to be different than the Ubuntu PPA's 
> pretty significantly .

WebID is IMO a quite exciting emerging protocol, but the concerns raised 
at the recent Debian mailinglist thread is an important one to have 
addressed - not only for Debian but for WebID in general.

The authentication system currently used by central Debian admins (i.e. 
DAM I think) for use by non-central services is CAS.  More info about 
CAS in Debian package libapache2-mod-auth-cas and corresponding upstream 
Homepage <http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas>.

Beware, though, that CAS or WebID will only help identify _who_ offered 
some PPA/DPA/whatever - not its quality.

...but one of the features I find so very exciting about WebID is its 
ties to semantic web, which allows e.g. an independent decentralized 
"crowd-judgement" system to be setup across official and unofficial 
packages.  Imagine being able to express this:

"I want to subscribe to official stable Debian packages except those 
Jonas is involved in, if same is also offered in one of these 5 
alternative unofficial sources and rated "decent" or better by at least 
10 of my own friends or friends of friends."

Hope that helps :-)

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature

Reply to:

References:
- Some interesting mails read in the last week or two .
  - From: shirish शिरीष <shirishag75@gmail.com>
- Re: Some interesting mails read in the last week or two .
  - From: Jaseem Abid <jaseemabid@gmail.com>
- Re: Some interesting mails read in the last week or two .
  - From: shirish शिरीष <shirishag75@gmail.com>

Prev by Date: Re: Some interesting mails read in the last week or two .
Previous by thread: Re: Some interesting mails read in the last week or two .
Index(es):
- Date
- Thread