Op wo 03-12-2003, om 10:09 schreef Andreas Barth: > > > file back signed by the build admin. The debian archive scripts > > > accepts packages signed by a buildd-key only if it is a binary package > > > for this architecture, the key is valid (i.e. in the right year), and > > > this package has been handed out to this autobuilder for building. > > > > Valid for the autobuilder the package has been handed to and that send > > it in and if the changes file is correct. > > > > But what if the buildd failed and someone manually build the deb, > > signes it and uploads? The debian archive scripts would need a way to > > distinguish between autobuild packages and manually build binary-only > > uploads. I don't see why that would be the case. Could you elaborate? > The archive script would of course continue to accept any deb by any > DD under the same conditions as today. The question to the > buildd-admins is: How often does this happen? Hardly ever, if at all. Most "manual" bin-NMU's are done by people that are not buildd admins. > Does this need special > handling, or is it ok for them if they sign in these rare cases with > their normal key? I don't see why that wouldn't be the case (but perhaps that's related to the above) -- Wouter Verhelst Debian GNU/Linux -- http://www.debian.org Nederlandstalige Linux-documentatie -- http://nl.linux.org "Stop breathing down my neck." "My breathing is merely a simulation." "So is my neck, stop it anyway!" -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.
Attachment:
signature.asc
Description: Dit berichtdeel is digitaal ondertekend