Hi, incoming.debian.org is used to publish recently uploaded source and binary packages before they reach the mirror network of the main archive. Until now, however, with the exception of the buildd network, it has not been possible to verify the integrity of the files. This was traditionally because we did not want to load ftp-master.debian.org by many users downloading files. Several people informed us that it would make their work on Debian easier, if they had a way to securely access these packages. So we decided to implement some changes to incoming.debian.org: First, the archive used by buildds is now publically accessible in http://incoming.debian.org/debian-buildd/. This location provides access to all recently uploaded packages, split into individual suites, and provides the neccessary metadata for APT to verify the integrity of the published files. See [1] for details. [1] <http://incoming.debian.org/HEADER.html> Secondly, source and binary packages are no longer published directly on http://incoming.debian.org/. Instead, people are encouraged to use the pool layout described above which is configured per-suite and contains Release files which have been signed in the normal way. We would also like to thank the Debian System Administration team who quickly setup the static mirror setup for the new incoming.d.o, thus making this possible. We would also like to thank the wanna-build and buildd team for making the relevant changes to the buildds quickly so that we could make this change live. Ansgar
Attachment:
pgp3WdjVTkZHi.pgp
Description: PGP signature