Re: Results of the meeting in Helsinki about the Vancouver proposal

To: debian-devel@lists.debian.org
Subject: Re: Results of the meeting in Helsinki about the Vancouver proposal
From: Jonas Smedegaard <dr@jones.dk>
Date: Mon, 22 Aug 2005 11:27:33 +0200
Message-id: <[🔎] 43099A85.6020703@jones.dk>
In-reply-to: <[🔎] 20050822062417.GA16866@localhost.localdomain>
References: <20050821015824.GT16930@country.grep.be> <[🔎] 4308B9D7.4050305@jones.dk> <[🔎] 20050822062417.GA16866@localhost.localdomain>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22-08-2005 08:24, Sven Luther wrote:
> On Sun, Aug 21, 2005 at 07:28:55PM +0200, Jonas Smedegaard wrote:

>>On 21-08-2005 03:58, Wouter Verhelst wrote:
>>
>>
>>>We also came to the conclusion that some of the requirements proposed in
>>>Vancouver would make sense as initial requirements -- requirements that
>>>a port would need to fulfill in order to be allowed on the mirror
>>>network -- but not necessarily as an 'overall' requirement -- a
>>>requirement that a port will always need to fulfill if it wants to be
>>>part of a stable release, even if it's already on the mirror network.
>>>Those would look like this:
>>
>>[snip]
>>
>>>Overall:
>>
>>[snip]
>>
>>>- binaries must have been built and signed by official Debian
>>>  Developers
>>
>>Currently, sponsored packages are only signed, not built, by official
>>Debian Developers.
>>
>>
>>Is that intended to change, or is it a typo in the proposal?
> 
> 
> All packages should be built by official debian buildds anyway, not on
> developper machines with random cruft and unsecure packages installed, or even
> possibly experimental or home-modified stuff.

Ubuntu works like that: Binaries for all archs are compiled by buildd's.
But as I understand it, Debian currently do not use this scheme.

Also, as Manoj[1] and others have pointed out, sponsors are _expected_
to recompile packages they sign, but I believe it is not part of policy.

So I ask again: Is this an intended (and IMO quite welcome) change of
policy, or a typo?


 - Jonas

P.S.

Please cc me on responses to this thread, as I am not subscribed to d-devel.


[1] It is pure coincidence that my IRC nick is so close to yours, Manoj.
It was Micah suggesting to use my first name backwards when other
obvious options was taken... :-)

- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 - Enden er nær: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDCZqFn7DbMsAkQLgRAjKRAJ9qGdwiFmySH6JpHiOF0grWNbfOoACgj5HE
0W9rt9aOo3wlb0Csb3zzThk=
=4p9z
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Results of the meeting in Helsinki about the Vancouver proposal
  - From: Manoj Srivastava <srivasta@debian.org (va, manoj)>

References:
- Re: Results of the meeting in Helsinki about the Vancouver proposal
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: Results of the meeting in Helsinki about the Vancouver proposal
  - From: Sven Luther <sven.luther@wanadoo.fr>

Prev by Date: Re: Will the amd64 port be rejected because of the 98% rule?
Next by Date: Re: vancouver revisited
Previous by thread: Re: Using buildds only
Next by thread: Re: Results of the meeting in Helsinki about the Vancouver proposal
Index(es):
- Date
- Thread