[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: maybe a (long-term) solution to the translations problem and others

Simon Richter <sjr@debian.org> writes:

> Hi,
> after catching up on the DDTP thread I think I also need to say something
> about this:
> First, I think having translations outside of .debs is bad. Second, I also
> think that relying on maintainers for updating is bad.
> The logical consequence (and yes, it's a technical solution to a social
> problem) for me is that we should give up the idea that a .deb has a single
> uploader. Since a .deb is an ar archive, it could be put together from
> various sources when it is being installed into the archives, where each
> source signs their parts of the file. For example, I could think of the
> following:
> $ ar tv foo.deb
> control.tar.gz          # signed by the maintainer
> control.tar.gz.gpg
> control-de.tar.gz       # signed by the translation team
> control-de.tar.gz.gpg
> data.tar.gz             # signed by the maintainer
> data.tar.gz.gpg

And while your at it, allways sign the unpacked files so repacking is
possible without loosing the signature.


Reply to: