Re: Results of the meeting in Helsinki about the Vancouver proposal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 22-08-2005 08:24, Sven Luther wrote:
> On Sun, Aug 21, 2005 at 07:28:55PM +0200, Jonas Smedegaard wrote:
>>On 21-08-2005 03:58, Wouter Verhelst wrote:
>>
>>
>>>We also came to the conclusion that some of the requirements proposed in
>>>Vancouver would make sense as initial requirements -- requirements that
>>>a port would need to fulfill in order to be allowed on the mirror
>>>network -- but not necessarily as an 'overall' requirement -- a
>>>requirement that a port will always need to fulfill if it wants to be
>>>part of a stable release, even if it's already on the mirror network.
>>>Those would look like this:
>>
>>[snip]
>>
>>>Overall:
>>
>>[snip]
>>
>>>- binaries must have been built and signed by official Debian
>>> Developers
>>
>>Currently, sponsored packages are only signed, not built, by official
>>Debian Developers.
>>
>>
>>Is that intended to change, or is it a typo in the proposal?
>
>
> All packages should be built by official debian buildds anyway, not on
> developper machines with random cruft and unsecure packages installed, or even
> possibly experimental or home-modified stuff.
Ubuntu works like that: Binaries for all archs are compiled by buildd's.
But as I understand it, Debian currently do not use this scheme.
Also, as Manoj[1] and others have pointed out, sponsors are _expected_
to recompile packages they sign, but I believe it is not part of policy.
So I ask again: Is this an intended (and IMO quite welcome) change of
policy, or a typo?
- Jonas
P.S.
Please cc me on responses to this thread, as I am not subscribed to d-devel.
[1] It is pure coincidence that my IRC nick is so close to yours, Manoj.
It was Micah suggesting to use my first name backwards when other
obvious options was taken... :-)
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDCZqFn7DbMsAkQLgRAjKRAJ9qGdwiFmySH6JpHiOF0grWNbfOoACgj5HE
0W9rt9aOo3wlb0Csb3zzThk=
=4p9z
-----END PGP SIGNATURE-----
Reply to: