-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22-08-2005 08:24, Sven Luther wrote: > On Sun, Aug 21, 2005 at 07:28:55PM +0200, Jonas Smedegaard wrote:
>>On 21-08-2005 03:58, Wouter Verhelst wrote: >> >> >>>We also came to the conclusion that some of the requirements proposed in >>>Vancouver would make sense as initial requirements -- requirements that >>>a port would need to fulfill in order to be allowed on the mirror >>>network -- but not necessarily as an 'overall' requirement -- a >>>requirement that a port will always need to fulfill if it wants to be >>>part of a stable release, even if it's already on the mirror network. >>>Those would look like this: >> >>[snip] >> >>>Overall: >> >>[snip] >> >>>- binaries must have been built and signed by official Debian >>> Developers >> >>Currently, sponsored packages are only signed, not built, by official >>Debian Developers. >> >> >>Is that intended to change, or is it a typo in the proposal? > > > All packages should be built by official debian buildds anyway, not on > developper machines with random cruft and unsecure packages installed, or even > possibly experimental or home-modified stuff. Ubuntu works like that: Binaries for all archs are compiled by buildd's. But as I understand it, Debian currently do not use this scheme. Also, as Manoj[1] and others have pointed out, sponsors are _expected_ to recompile packages they sign, but I believe it is not part of policy. So I ask again: Is this an intended (and IMO quite welcome) change of policy, or a typo? - Jonas P.S. Please cc me on responses to this thread, as I am not subscribed to d-devel. [1] It is pure coincidence that my IRC nick is so close to yours, Manoj. It was Micah suggesting to use my first name backwards when other obvious options was taken... :-) - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ - Enden er nær: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDCZqFn7DbMsAkQLgRAjKRAJ9qGdwiFmySH6JpHiOF0grWNbfOoACgj5HE 0W9rt9aOo3wlb0Csb3zzThk= =4p9z -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]