Hi, Patrick Matthäi wrote: > Hmpf I have got an NACK for my plan from DSA. :<
How about using debian volatile [0] in order to build geoip-database and distribute it. This will solve all of the above problems mentioned in this bug: * Users will be able to get newer trusted (debian built) version of the geoip-database, built from the csv source file. * This method will work the entire life cycle of the debian stable/oldstable release, providing users with a useful and secure way to get their geoip-databases updated. * geoip maintainers will not have to maintain any new way of updating a user machine (no need for any custom cron scripts, signing or verifying) - all the users would have to do is add: deb http://volatile.debian.org/debian-volatile lenny/volatile main to their sources.list, and they'll get the geoip-database updates in a secure manner from the debian archives. * This method seems to solve the problem for other packages with the same needs. For example: clamav-data (anti virus database updates), tzdata (timezone database updates). I'll be glad to help/co-maintain the package if it'll help make this happen :) Regards, Tom Feiner [0] http://www.debian.org/devel/debian-volatile/
signature.asc
Description: OpenPGP digital signature
