[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: architecture specific upload announcements

On Apr 10, Martin Schulze wrote
> Hmm, just an idea.  This would be much more easiear if wou would
> have the following situation:
> A maintainer only uploads his source or diffs and announces this
> if he likes to.
>   Nightly some machines (i386, alpha, m68k, sparc, ppc) fetch the
>   source out of the incoming directory and compile them.  The resulting
>   .deb is automatically uploaded into another directory (or into hte
>   unstable tree at once) and the source archive finds its way into
>   the archive, too.

also : the nightly machines can check the .dsc file against debian
developers pgp keys, and ensure that it is ok. then it will check md5sum
for .orig.tar.gz and .diff.gz, and if everything is ok, it will start
building the binary. the new binary will pgp signed by the machine,
so to the public all .deb packages will have the pgp signature from the
same machine. this will imporve security...

the only reason, why i don't like it : i don't want to run such a
mechanism on my machine as root. but building packages only works as
root... if a developer is doing something wrong, he can create a
desaster on all these machines.

any solution to this problem ? 

regards andreas

Reply to: