Re: GroundZero (third party deb repository)
On 12 Feb 1998, Jim Pick wrote:
> Jason Gunthorpe <jgg@gpu.srv.ualberta.ca> writes:
>
> > I just heard about GroundZero, a repository of experimental software,
> > http://www.yggdrasil.com/test/GroundZero/
> >
> > They provide their binaries in a number of forms, including .deb .. The
> > trouble is that they are using normal version numbers. I have stated
> > before that Deity depends on their being only one deb for each version,
> > having two debs called 1.3 that are not the same will cause problems.
> >
> > Perhaps we should decide on some sort of policy regarding this?
>
> I personally think it's just a case of "buyer beware". I don't think
> Adam Richter of Yggdrasil is doing the repository with the expectation
> that people will be mixing packages via dpkg-ftp or deity. They are
> going to be installing them manually using dpkg -i. And those
> packages are definitely not going to be conforming to any sort of
> Debian policy. If a user installs a non-Debian package using dpkg -i,
> and it screws up, that doesn't make us look bad, because it's his/her
> own fault.
[snip]
I agree. Note, that this topic has been discussed WRT the KDE packages on
debian-policy some time ago. We had a consensus that it doesn't make sense
to define a policy for non-Debian people, since we can't control what they
are releasing.
Thus, we had the idea of implementing the `Origin:' tag on the packages
which would, together with digitally signed packages, give our package
tools (dpkg, dselect, deity) a chance to check for packages which come
from another source--even if they use the same package name and/or
version.
Since we'll have the g10 package (a dfsg-free pgp replacement) soon,
perhaps we could use this for signing the packages. (Note, that this
package will also be non-us, unfortunately.)
How hard would it be to implement the Origin/g10-signature check for
deity?
Thanks,
Chris
-- Christian Schwarz
schwarz@monet.m.isar.de, schwarz@schwarz-online.com,
Debian has a logo! schwarz@debian.org, schwarz@mathematik.tu-muenchen.de
Check out the logo PGP-fp: 8F 61 EB 6D CF 23 CA D7 34 05 14 5C C8 DC 22 BA
pages at http://fatman.mathematik.tu-muenchen.de/~schwarz/debian-logo/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: