From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/20100927/000310.html | 80 +++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 zarb-ml/mageia-dev/20100927/000310.html (limited to 'zarb-ml/mageia-dev/20100927/000310.html') diff --git a/zarb-ml/mageia-dev/20100927/000310.html b/zarb-ml/mageia-dev/20100927/000310.html new file mode 100644 index 000000000..10c1157c9 --- /dev/null +++ b/zarb-ml/mageia-dev/20100927/000310.html @@ -0,0 +1,80 @@ + + + + [Mageia-dev] Will this work for a build system? + + + + + + + + + +

[Mageia-dev] Will this work for a build system?

+ R James + upsnag2 at gmail.com +
+ Mon Sep 27 17:16:18 CEST 2010 +

+
+ +
On Mon, Sep 27, 2010 at 5:31 AM, Buchan Milne <bgmilne at multilinks.com> wrote:
+>
+> IMHO, you should also keep the public keys of tarball signers. Please have a
+> look at the samba SPEC file, which does verification of the tarball signature
+> during %prep. In conjunction with the existing build tools (repsys/mdvsys
+> etc.), a single command ('mdvsys update samba xxx') currently (usually)
+> updates and submits the package, and building it at any time validates the
+> source tarball.
+>
+> Actually, I still need to petition other security-sensitive packages which
+> have previously said that tarball signing is irrelevant (due to the problem of
+> first establishing trust of public keys etc.).
+>
+For the initial launch of Mageia, I understand the benefits of having
+a trusted build system in a controlled data center.  Its safe, simple
+and when the initial deployment issues arise, physical access to the
+servers may be required.
+
+However, if a system is devised which allows known/trusted
+contributors to provide good hardware and bandwidth for package
+building, I'd be very willing to participate. :-)
+
+Thanks again,
+Rick
+
+ + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1