Re: RFC: Signed packages and translations
On Sat, 1 Sep 2001, Richard Atterer wrote:
> - What happens if someone does an NMU - how do we prevent him from
> uploading e.g. outdated translations? The easiest way might be a
> rule "never update translations in NMUs". Or maybe check timestamps
> of the .ar members?
Normally one should not upload translations at all but leave that to the
install scripts. They should check that the translations in the database
are still up to date, add them if so and alert the translation team if
> - How do bug reports get routed to the right place (program bug vs.
> translation errors)?
Interesting point. I don't have an answer for that now. Ideas welcome...
> - How do we deal with out-of-date translations? Just delete them when
> the maintainer uploads a changed version?
I think that's up to the translation team, how they keep their database.
> - How do we avoid that a package is updated too often? Updating the
> .deb for each translation change is far too often - maybe add any
> new translations the moment the package moves from unstable to
> testing? Obviously, people using unstable will then not benefit from
> the translations.
I don't think that will be too often. It will be fairly often when
descriptions change, but they usually don't. People who already have the
package installed will not automatically get an upgrade unless they tell
apt to --reinstall, people who don't have it installed get the most recent
version with all available translations.
> - What would source packages look like for such a system? It /is/
> possible to continue to use the old .orig.tar.gz + diff.gz, but
> automatic updates for new translations would invalidate the
> maintainer's signature. Should we seize the opportunity to switch to
> a more flexible source package format? Or just switch to
> .orig.tar.gz + diff.gz + .i18n.tar.gz?
I don't think translations should be in the source package at all, however
we will need a mechanism to add the translations if someone builds a
package for himself. Hrm, point taken and added to the list of open
GPG public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
Fingerprint: DC26 EB8D 1F35 4F44 2934 7583 DBB6 F98D 9198 3292
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!