[Sugar-devel] Activity packaging problems

Marco Pesenti Gritti marcopg at sugarlabs.org
Sat Dec 20 12:40:42 EST 2008

Previous message: [Sugar-devel] Activity packaging problems
Next message: [Sugar-devel] Activity packaging problems
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Dec 20, 2008 at 6:17 PM, Jonas Smedegaard <dr at jones.dk> wrote:
> Please consider republishing latest 0.82.x tarballs at sugarlabs.org, so
> that distributors can refer to a single upstream location for both
> stable and development sources.

Good point, done.

> Please do not generate new tarballs from Git, but copy the already
> generated tarballs from laptop.org, to not break md5sums verifications
> used by some distros.

We are leaving the old one on laptop.org for now.

> A nice add-on hint: Consider using the tool "pristine-tar" to embed into
> the Git repository enough data to reconstruct a binary identical tarball
> only from Git data.

Oh, interesting! I'll check it out in detail.

> Oh, and another nice add-on: Consider publishing official md5sum for
> officially released tarballs, and consider PGP-signing emails announcing
> official releases. Even without official infrastructure or policies,
> such individual efforts help minimize the possibility of broken or
> tampered sources and thus raise security a bit.

Yeah, we should be able to do this pretty easily for Sucrose.

Marco

Previous message: [Sugar-devel] Activity packaging problems
Next message: [Sugar-devel] Activity packaging problems
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sugar-devel mailing list