[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Results of the meeting in Helsinki about the Vancouver proposal

Hash: SHA1

On 22-08-2005 08:24, Sven Luther wrote:
> On Sun, Aug 21, 2005 at 07:28:55PM +0200, Jonas Smedegaard wrote:

>>On 21-08-2005 03:58, Wouter Verhelst wrote:
>>>We also came to the conclusion that some of the requirements proposed in
>>>Vancouver would make sense as initial requirements -- requirements that
>>>a port would need to fulfill in order to be allowed on the mirror
>>>network -- but not necessarily as an 'overall' requirement -- a
>>>requirement that a port will always need to fulfill if it wants to be
>>>part of a stable release, even if it's already on the mirror network.
>>>Those would look like this:
>>>- binaries must have been built and signed by official Debian
>>>  Developers
>>Currently, sponsored packages are only signed, not built, by official
>>Debian Developers.
>>Is that intended to change, or is it a typo in the proposal?
> All packages should be built by official debian buildds anyway, not on
> developper machines with random cruft and unsecure packages installed, or even
> possibly experimental or home-modified stuff.

Ubuntu works like that: Binaries for all archs are compiled by buildd's.
But as I understand it, Debian currently do not use this scheme.

Also, as Manoj[1] and others have pointed out, sponsors are _expected_
to recompile packages they sign, but I believe it is not part of policy.

So I ask again: Is this an intended (and IMO quite welcome) change of
policy, or a typo?

 - Jonas


Please cc me on responses to this thread, as I am not subscribed to d-devel.

[1] It is pure coincidence that my IRC nick is so close to yours, Manoj.
It was Micah suggesting to use my first name backwards when other
obvious options was taken... :-)

- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 - Enden er nær: http://www.shibumi.org/eoti.htm
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


Reply to: