
Re: RFC: Signed packages and translations

Hi Simon,

On Sat, Sep 01, 2001 at 07:59:32AM +0200, Simon Richter wrote:
> after a long night, I have a first draft of my proposal that defines
> signed packages and translations added to existing binary packages.
> <getting asbestos suit>

I like it. :) However, you mostly describe the purely technical
aspects and not what changes would result in other areas. I think
there's a lot more to consider:

- What happens if someone does an NMU - how do we prevent him from
  uploading e.g. outdated translations? The easiest way might be a
  rule "never update translations in NMUs". Or maybe check timestamps
  of the .ar members?

- How do bug reports get routed to the right place (program bug vs.
  translation errors)?

- How do we deal with out-of-date translations? Just delete them when
  the maintainer uploads a changed version?

- How do we avoid a package being updated too often? Updating the
  .deb for each translation change is far too often - maybe add any
  new translations the moment the package moves from unstable to
  testing? Obviously, people using unstable will then not benefit from
  the translations.

- What would source packages look like for such a system? It /is/
  possible to continue to use the old .orig.tar.gz + diff.gz, but
  automatic updates for new translations would invalidate the
  maintainer's signature. Should we seize the opportunity to switch to
  a more flexible source package format? Or just switch to
  .orig.tar.gz + diff.gz + .i18n.tar.gz?

All the best,


  __   _
  |_) /|  Richard Atterer     |  CS student at the Technische  |  GnuPG key:
  | \/¯|  http://atterer.net  |  Universität München, Germany  |  0x888354F7
  ¯ ´` ¯
