Re: Facilitating external repositories
On Sat, Jun 6, 2015 at 8:13 AM, Brian May wrote:
> the software is far to volatile (e.g. important bug fixes on a weekly basis)
We have a place for such software: experimental
> I don't want old versions hanging around any longer then absolutely required
We have a place for such software: experimental
>. It is also a very narrow market, possibly not of
> general interest to the Debian community (this is hard to determine however;
> maybe what this needs right now is expanded exposure).
We have a lot of obscure software in Debian already, the size of the
audience shouldn't matter.
> There was also the (slightly confusing) perception in management that they
> had to tightly control ownership and distribution, despite it being open
> source GPL software, available on github, etc.
We probably shouldn't distribute it if upstream doesn't want us to though.
> I note the original poster mentioned Ubuntu PPAs and add-apt-repository; my
> understanding is that these don't solve the trust issue, I seem to recall
> the user is shown a fingerprint and asked to confirm it is correct (based on
> what???) - however I don't have an Ubuntu box I can test this on right now.
I would guess based on the OpenPGP web of trust or the user's trust in
their OS that trusts the SSL CA that signed the Launchpad certs.
--
bye,
pabs
https://wiki.debian.org/PaulWise
http://bonedaddy.net/pabs3/
http://wiki.openmoko.org/wiki/User:PaulWise
Reply to: