Re: Results of the meeting in Helsinki about the Vancouver proposal
On Sun, Aug 21, 2005 at 07:28:55PM +0200, Jonas Smedegaard wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 21-08-2005 03:58, Wouter Verhelst wrote:
> > We also came to the conclusion that some of the requirements proposed in
> > Vancouver would make sense as initial requirements -- requirements that
> > a port would need to fulfill in order to be allowed on the mirror
> > network -- but not necessarily as an 'overall' requirement -- a
> > requirement that a port will always need to fulfill if it wants to be
> > part of a stable release, even if it's already on the mirror network.
> > Those would look like this:
> > Overall:
> > - binaries must have been built and signed by official Debian
> > Developers
> Currently, sponsored packages are only signed, not built, by official
> Debian Developers.
> Is that intended to change, or is it a typo in the proposal?
All packages should be built by official debian buildds anyway, not on
developper machines with random cruft and unsecure packages installed, or even
possibly experimental or home-modified stuff.