Re: changes file format
Bill Mitchell writes ("Re: changes file format "):
> [...]
> I also reiterate my suggestion that we stop the practice
> of maintainers announcing directly (and prematurely)
> to debian-changes, and have the maintainer announcements
> uploaded to debian.org along with the other package files,
> machine-parsed there, and machine-produced announcements
> in whatever announcement format is deemed appropriate
> incorporating information from the machine-parsed maintainer
> uploads made from debian.org once the packages being
> announced are actually available as part of the distribution.
No, this has even worse security properties than the scheme we have at
the moment.
It's important that the distribution channels for the MD5 checksum
information and the files themselves remain separate. (For this
reason I think that putting the MD5 checksums in the Incoming
directory itself is bad - there should be a separate administrative
directory.)
It would be best if every announcement were reviewed by a human
before being passed to the automatic distribution and changelog
maintenance software.
Ian.
Reply to: