-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/03/2006 12:35 AM, Henrique de Moraes Holschuh wrote: > On Thu, 02 Feb 2006, Lionel Elie Mamane wrote: > >>I just realised that the timezone data in glibc is taken from an >>upstream database (namely ftp://elsie.nci.nih.gov/pub/). This data >>sometimes changes, more rapidly than our release cycle (and than any >>release cycle we can reasonable have). > > See the tz-brasil package for the current solution we have for the problem > of widely variable timezones. Brazil's tz gets updated in unpredictable > ways, sometimes more than twice a year and with little prior notice. > > That package is far from perfect (I personally don't agree with a lot of > what it does), but it might give you a few ideas. > > Bottom line: you do not need to package the timezones in volatile. You can > also have the timezones available from download, and a normal, stable > package that downloads that data, validates it, and applies it.
We raise that question in #debian-volatile (OFTC) another day... Brasil and Cuba are countries that are directly affected by this kind of situations, the governments does no use a "fixed" schedule for DayLight Savings... Brasil has even another problem that is related with the TimeZones names, pzn (Pedro Zorzenon Neto) the maintainer of tz-brasil has sent a RFC to try to define these names, but looks like it has expired. If we split timezones from libc, volatile looks like a very good approach to handle that updates, since we can have to update it a couple of times until the next release. I'm not sure but a timezone update does not fit in "security update" category (could be possible), but a package update throught a repository looks much more interesting than having a package pulling data files from people.d.o like tz-brasil does. In fact, if you consider offline situations and conditions without access to people.d.o or another site with the data files, having a pre-downloades package (like a CD with updates) is pretty handy and easier to administer. And Volatile Team takes very good care of packages that are in volatile, considering that, you can also have a normal, stable package that updates that data without need extra downloads. "Above all, do no harm". :-) Kind regards, - -- Felipe Augusto van de Wiel (faw) "Debian. Freedom to code. Code to freedom!" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFD4tdUCjAO0JDlykYRAmH9AJ9DHFwtD1p9g4+cEexXP8rNYRPyVgCeM7tx uitvHQhAnnfYcqZHUKoS+LU= =KfJX -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]