On Sat, 11 Dec 2004, Goswin von Brederlow wrote:
> Adam Heath <[EMAIL PROTECTED]> writes:
> > On Fri, 10 Dec 2004, Santiago Vila wrote:
> >> On Sat, 11 Dec 2004, Dan Jacobson wrote:
> >> > Say, perhaps a "Date:" field could be added to Packages files.
> >> Even offline, files have time stamps in most modern filesystems out there.
> >> usually as available as the file itself.
> > Timestamp of the .ar members.
> The timestamp would not reflect when the file was added to testing for
> example.

And of course there is the "please lets get signed debs already" solution,
where the date stamp on the signatures themselves would tell us:
  1. When the .deb was built / autobuilt
  2. When the .deb was installed into the archive

(plus any more events we care to "stamp" with a signature).

Since DAK could then enforce (1) is done by a Debian developer in the
keyring (proper sponsorship procedure enforcement), or by an "accredited"
autobuilder.  Maybe it could even enforce that (2) is done either by
dinstall or by a ftp-master for completeness. It would be trivial to get the
canonical dates while doing the signature processing.

As for adding that as a field to the packaging, well, I understand DAK has a
proper database to keep such stuff, so that's where it should go in this
case I think.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply via email to