Re: maybe a (long-term) solution to the translations problem and others
Simon Richter <sjr@debian.org> writes:
> Hi,
>
> after catching up on the DDTP thread I think I also need to say something
> about this:
>
> First, I think having translations outside of .debs is bad. Second, I also
> think that relying on maintainers for updating is bad.
>
> The logical consequence (and yes, it's a technical solution to a social
> problem) for me is that we should give up the idea that a .deb has a single
> uploader. Since a .deb is an ar archive, it could be put together from
> various sources when it is being installed into the archives, where each
> source signs their parts of the file. For example, I could think of the
> following:
>
> $ ar tv foo.deb
> control.tar.gz # signed by the maintainer
> control.tar.gz.gpg
> control-de.tar.gz # signed by the translation team
> control-de.tar.gz.gpg
> data.tar.gz # signed by the maintainer
> data.tar.gz.gpg
And while your at it, allways sign the unpacked files so repacking is
possible without loosing the signature.
MfG
Goswin
Reply to: