[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GroundZero (third party deb repository)

On 12 Feb 1998, Jim Pick wrote:

> Jason Gunthorpe <jgg@gpu.srv.ualberta.ca> writes:
> > I just heard about GroundZero, a repository of experimental software, 
> > http://www.yggdrasil.com/test/GroundZero/
> > 
> > They provide their binaries in a number of forms, including .deb .. The
> > trouble is that they are using normal version numbers. I have stated
> > before that Deity depends on their being only one deb for each version,
> > having two debs called 1.3 that are not the same will cause problems.
> > 
> > Perhaps we should decide on some sort of policy regarding this?
> I personally think it's just a case of "buyer beware".  I don't think
> Adam Richter of Yggdrasil is doing the repository with the expectation
> that people will be mixing packages via dpkg-ftp or deity.  They are
> going to be installing them manually using dpkg -i.  And those
> packages are definitely not going to be conforming to any sort of
> Debian policy.  If a user installs a non-Debian package using dpkg -i,
> and it screws up, that doesn't make us look bad, because it's his/her
> own fault.

I agree. Note, that this topic has been discussed WRT the KDE packages on
debian-policy some time ago. We had a consensus that it doesn't make sense
to define a policy for non-Debian people, since we can't control what they
are releasing.

Thus, we had the idea of implementing the `Origin:' tag on the packages
which would, together with digitally signed packages, give our package
tools (dpkg, dselect, deity) a chance to check for packages which come
from another source--even if they use the same package name and/or

Since we'll have the g10 package (a dfsg-free pgp replacement) soon,
perhaps we could use this for signing the packages. (Note, that this
package will also be non-us, unfortunately.)

How hard would it be to implement the Origin/g10-signature check for



--                  Christian Schwarz
                     schwarz@monet.m.isar.de, schwarz@schwarz-online.com,
Debian has a logo!    schwarz@debian.org, schwarz@mathematik.tu-muenchen.de
Check out the logo     PGP-fp: 8F 61 EB 6D CF 23 CA D7  34 05 14 5C C8 DC 22 BA
pages at  http://fatman.mathematik.tu-muenchen.de/~schwarz/debian-logo/

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: