[Sugar-devel] Activity packaging problems
dr at jones.dk
Sat Dec 20 12:17:19 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, Dec 20, 2008 at 01:30:30PM +0100, Marco Pesenti Gritti wrote:
>I listed all the problems I'm aware of, which are currently blocking
>If you are packaging activities and you run into any (non distribution
>specific) issue, please add to the list.
Please consider republishing latest 0.82.x tarballs at sugarlabs.org, so
that distributors can refer to a single upstream location for both
stable and development sources.
Please do not generate new tarballs from Git, but copy the already
generated tarballs from laptop.org, to not break md5sums verifications
used by some distros.
A nice add-on hint: Consider using the tool "pristine-tar" to embed into
the Git repository enough data to reconstruct a binary identical tarball
only from Git data.
Oh, and another nice add-on: Consider publishing official md5sum for
officially released tarballs, and consider PGP-signing emails announcing
official releases. Even without official infrastructure or policies,
such individual efforts help minimize the possibility of broken or
tampered sources and thus raise security a bit.
This one posted only to sugarlabs list. Feel free to forward to other
lists if you judge it relevant...
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Sugar-devel