Hi Simon,

On Sat, Sep 01, 2001 at 07:59:32AM +0200, Simon Richter wrote:
> after a long night, I have a first draft of my proposal that defines
> signed packages and translations added to existing binary packages.
>
> <getting asbestos suit>

I like it. :) However, you mostly describe the purely technical aspects and not what changes would result in other areas. I think there's a lot more to consider:

- What happens if someone does an NMU - how do we prevent him from uploading e.g. outdated translations? The easiest way might be a rule "never update translations in NMUs". Or maybe check timestamps of the .ar members?
- How do bug reports get routed to the right place (program bug vs. translation errors)?
- How do we deal with out-of-date translations? Just delete them when the maintainer uploads a changed version?
- How do we avoid that a package is updated too often? Updating the .deb for each translation change is far too often - maybe add any new translations the moment the package moves from unstable to testing? Obviously, people using unstable will then not benefit from the translations.
- What would source packages look like for such a system? It /is/ possible to continue to use the old .orig.tar.gz + diff.gz, but automatic updates for new translations would invalidate the maintainer's signature. Should we seize the opportunity to switch to a more flexible source package format? Or just switch to .orig.tar.gz + diff.gz + .i18n.tar.gz?

All the best,

  Richard

-- 
  __   _
  |_) /|  Richard Atterer     |  CS student at the Technische  |  GnuPG key:
  | \/¯|  http://atterer.net  |  Universität München, Germany  |  0x888354F7
  ¯ ´` ¯