[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: using GnuPG to sign packages?

James Mastros writes:

 > Speaking of which, I think debian-devel-mentors is the proper place for this
 > sort of thing; ccing and reply-toing there.  Note that everything is AFAIK;

Okay, thanks for the tip.  I'm subscribed to that list now.

 > The first time I read developers-reference, I thought I would have the same
 > problem (especially as I live in the middle of nowhere), but on re-reading,
 > you need to have a well-signed key OR mail (snail- or e-) an offical ID.

I see what you mean.  It really would be more convenient to go the
official ID route (if I do indeed become a DD) simply because I don't
have a well signed key.  I've played around with encryption for years, 
but no one I correspond with seems to have the slightest inclination
to use it!  Then again, they are mostly non-technical types. ;-)

 > You can package things for your own internal use without being a
 > debian-developer easily enough.

Oh sure, I know that, the PGP thing is not such about being a DD but
just knowing about it and being able to sign my own packages for my
own nefarious purposes.  I just mentioned that I might contribute as a 

In fact once I figured out how to do it, I was making my own packages
left and right just for the convenience of (de)installation and
conformance with policy.  Then again they have all been relatively
simple apps (as most of the complex ones are already well packaged.)

 > GnomeICU is already packaged (in the staging area, for the time being:
 > aptline: deb http://www.debian.org/~jules/gnome-stage-2 unstable

Ah, I see(k you)!  Hmm well, I've only been checking the slink Gnome
staging area, not potato, and it's not in slink, so that explains it.
I emailed someone @debian.org about my "brand new package" so they
probably think I'm a looney now. [1]  

 > for potato.  You are running potato, aren't you?  (De facto standard for
 > developers seems to be running unstable, since packages in development are
 > unstable by definition, and packaging for a dist that you aren't running is
 > both silly and difficult.)  

No, actually I'm running slink.  Now, before you run me out of town,
let me explain.  I do see your point, certainly, but I've just come
off a rather unstable period in the life of my Debian installation.  I 
was running a box that been slackware, then hamm, then slink when it
was unstable, all on the same partition without ever really cleaning
up some of the cruft.  Now I finally started over with a sensibile
partition scheme and so on, and I'd like to keep my system stable for
a while.  I had a few hassles running a mixed hamm/slink box.
(nothing too major, though.) 

I realize this presents a problem as far as being an Official Package
Maintainer.  I guess I'm not quite interested in that at the moment.
I probably will be in the future.  Anyway, I'll probably just break
down in the next couple weeks and install potato on my laptop so I'll
have something to develop packages on while my desktop remains
rock stable.  

 > Also, I'd consider packaging before releasing, and uploading prereleases
 > commonly.  It's the bazzar[1] thing to do.

I've been told that before.  However, I am a Release Facist (R).  At
least one of my projects is fairly ambitious in scope and I want to
have at least the framework of my ideas implemented before releasing
it.  Why?  Just Because I Feel Like It.  It's not like my projects
going to change the world or anything.  

/me retreats to his cathedral and bars the gates against the peasantry

 > a discordian game of sink.

That's a new game to me.


[1] Entirely possible.

Reply to: