www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject RE: Proposals
Date Fri, 07 Nov 2003 12:59:51 GMT

On Fri, 7 Nov 2003 dion@multitask.com.au wrote:

> not as much bandwidth...

So lets design this a bit better then = make sure that it allows for the
authoritative source to be on ASF[*] hardware (perhaps with an ASF signed
key, sha1 or md5) - but it can be mirrored out through ibiblio, my local
disk, or wherever - without compromsing trust, oversight, etc.

If that means we need to maintain a 'master' list of checksums or
something else signed on trusted hardware - that can be arranged. Either
as a web page or through some clever DNS/urn naptr mechanism.  But there
is no reason not to decouple the trust/authoritative chain and/or metadata
from the actual bulk payload.


*:	or whoever else is authoritative on the package.

View raw message