[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

Op wo 03-12-2003, om 10:09 schreef Andreas Barth:
> > > file back signed by the build admin. The debian archive scripts
> > > accepts packages signed by a buildd-key only if it is a binary package
> > > for this architecture, the key is valid (i.e. in the right year), and
> > > this package has been handed out to this autobuilder for building.
> > 
> > Valid for the autobuilder the package has been handed to and that send
> > it in and if the changes file is correct.
> > 
> > But what if the buildd failed and someone manually build the deb,
> > signes it and uploads? The debian archive scripts would need a way to
> > distinguish between autobuild packages and manually build binary-only
> > uploads.

I don't see why that would be the case. Could you elaborate?

> The archive script would of course continue to accept any deb by any
> DD under the same conditions as today. The question to the
> buildd-admins is: How often does this happen?

Hardly ever, if at all. Most "manual" bin-NMU's are done by people that
are not buildd admins.

> Does this need special
> handling, or is it ok for them if they sign in these rare cases with
> their normal key?

I don't see why that wouldn't be the case (but perhaps that's related to
the above)

Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
  -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.

Attachment: signature.asc
Description: Dit berichtdeel is digitaal ondertekend

Reply to: