Make suppression of updates harder #22
Description
The person in charge of the DNS has the ability to suppress updates. This is especially problematic if governance conflicts arise, because it gives a single developer (or admin) special powers.
It is also problematic if this DNS domain becomes censored. To improve the resilience of Codechain against the suppression of updates the following issues have to be implemented:
- DNS: signed head should contain last signed hash chain line number #17
- Extend .secpkg file format with secondary DNS URLs #18
- Include .secpkg file in distribution and update installation with it #19
- Use secondary URLs to install and update packages #20
- Add new hash chain entries for mandatory life signs #21
- Add secondary DNS entries to
ssotpub createpkg#23
With these changes no developer has special powers (every developer could run their own DNS) and domains that become censored or unavailable for other reasons could be rotated out.