Jump to content
Toggle sidebar
Logos
Search
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information
Editing
Module Registry/Requirements
(section)
Page
Discussion
English
Read
Edit
View history
More
Read
Edit
View history
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== 1. Introduction == <span id="purpose"></span> === 1.1 Purpose === This Software Requirements Specification (SRS) document provides a detailed description of the Logos P2P Module Package Manager (ModMan). It outlines the functional and non-functional requirements for developing a secure, decentralized package management system that will serve as the primary module for handling module discovery, updates, versioning, and dependency resolution in the Logos Microkernel ecosystem. <span id="document-conventions"></span> === 1.2 Document Conventions === This document follows these conventions: * MUST/REQUIRED - Indicates a mandatory requirement for MVP * SHOULD/RECOMMENDED - Indicates a requirement planned for subsequent releases * MAY/OPTIONAL - Indicates an optional requirement * TBD - Indicates details that are yet To Be Determined <span id="intended-audience-and-reading-suggestions"></span> === 1.3 Intended Audience and Reading Suggestions === This document is intended for: * Developers implementing the ModMan system * System architects designing the Logos Microkernel ecosystem * Security auditors reviewing the system design * Quality assurance engineers testing the implementation * Project managers overseeing development For developers and architects, it is recommended to read the entire document sequentially. QA engineers should focus on sections 4 and 5. Project managers may want to focus on sections 1, 2, and the high-level aspects of section 4. <span id="product-scope"></span> === 1.4 Product Scope === ModMan is a peer-to-peer system package manager designed specifically for the Logos Microkernel. Its primary purposes are: * Serve as a decentralized application market for Logos modules * Provide secure module discovery and distribution * Handle module versioning and updates * Manage dependencies between modules * Support multiple hardware architectures * Interface with the Logos Microkernel for module deployment * Interface with the PDMS module for dependency resolution and versioning * Interface with the Codex module for file-sharing and content delivery <span id="references"></span> === 1.5 References === * Abate, P., Di Cosmo, R., Gousios, G., & Zacchiroli, S. (2020). Dependency Solving Is Still Hard, but We Are Getting Better at It. DOI: 10.1109/saner48275.2020.9054837 * Boyer, S. (2017). So You Want to Write a Package Manager. Medium. * C. Dale, J. Liu, & Liu, J. (2009). Apt-P2p: A Peer-to-Peer Distribution System for Software Package Releases and Updates. DOI: 10.1109/infcom.2009.5061996 * Barrera, D., McCarney, D., Clark, J., & van Oorschot, P. C. (2014). Baton: Certificate Agility for Android’s Decentralized Signing Infrastructure. DOI: 10.1145/2627393.2627397 * Barrera, D. (2014). Securing Decentralized Software Installation and Updates. * Brown, F., Mirian, A., Jaiswal, A., Nötzli, A., & Stefan, D. (2017). SPAM: A Secure Package Manager. * Wurster, G., & van Oorschot, P. C. (2007). Self-Signed Executables: Restricting Replacement of Program Binaries by Malware. * Hartman, J. H., & Cappos, J. (2008). Stork: Secure Package Management for VM Environments. * Cappos, J., Samuel, J., Baker, S., & Hartman, J. H. (2008). A Look in the Mirror: Attacks on Package Managers. DOI: 10.1145/1455770.1455841 * Cappos, J., Samuel, J., Baker, S., & Hartman, J. (2008). Package Management Security. * Sun, L. (2024). Securing Supply Chains in Open Source Ecosystems: Methodologies for Determining Version Numbers of Components Without Package Management Files. DOI: 10.54097/n8djwto1zb * Catuogno, L., Galdi, C., & Persiano, G. (2020). Secure Dependency Enforcement in Package Management Systems. DOI: 10.1109/tdsc.2017.2777991 * McDaniel, P., & Enck, W. (2010). Not So Great Expectations: Why Application Markets Haven’t Failed Security. DOI: 10.1109/msp.2010.159 * Abate, P., Di Cosmo, R., Treinen, R., & Zacchiroli, S. (2013). A Modular Package Manager Architecture. DOI: 10.1016/j.infsof.2012.09.002 * Gu, Y., Liu, Y., Pu, Y., Hu, X., Chai, H., Wang, R., Gao, X., & Duan, H. (2023). Investigating Package Related Security Threats in Software Registries. DOI: 10.1109/sp46215.2023.10179332 * Xu, Z., & Zhang, X. (2010). dPAN: Distributed Package Management Network. <span id="overall-description"></span>
Summary:
Please note that all contributions to Logos may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Logos:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
