ext Andrew Flegg <and...@bleb.org> writes:

> Marius wrote:
>
>> I think the following could work:
>>
>> - We start signing Diablo Maemo Extras.
>
> [...]
>
>   * AIUI, the only technical step here is to sign the Release file
>     with the GPG key.

Yes.

>> - We put a "maemo-community-archive-keyring" package or something into Diablo
>>   Maemo Extras that contains the public key needed to verify the signature.
>>   It also contains a new "package domain" with a trust level of 600.
>
> The "package domain"s are entirely Application Manager specific, IIRC?

Yes.

> Does "sort-weight" in nokia-repository's postinst correspond to the
> "trust level"?

No, not at all.  The sort-weight is used to sort the catalogues when
displaying them in the UI.

Package domains are 'orthogonal' to catalogues and repositories.  They
are connected by the signature of the Release file.

The AM looks at the keys that have been used to sign the Release file
and associates each package with a package domain.  Package domains are
configured in /etc/hildon-application-manager/domains.  You will find
the trust level in there, among other things.

See here 

   http://hildon-app-mgr.garage.maemo.org/repos-stable.html

for a bit more.

> First step, I'd suggest would be a small rollout:
>
>    * hildon-application-manager 1:2.1.xx-community (where xx > 19)
>    * hildon-application-manager-l10n 5.1-community
>    * osso-software-version-rx* 1:6.2009.nn-community

I would lose the "community" suffix, actually.  The
osso-software-version-rx* package could get a display name that clearly
spells out that this is not from Nokia.
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-developers
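
The two repository-side steps discussed in the thread (signing the Release file, and shipping the public key in a keyring package so clients can verify it) can be tried with a throwaway key. This is an added example, not part of the original message or of the Application Manager; the key name, paths and Release contents are constructed, it assumes GnuPG 2.1 or later (`gpg` and `gpgv`), and it does not model package domains or trust levels.

```shell
#!/bin/sh
# Added example: sign an apt Release file, then verify it as a client that
# holds only the exported public keyring would. All names are constructed.

# Create a throwaway signing key, a public keyring and a sample Release file.
# Prints the working directory on stdout.
setup_repo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/gnupg" || return 1
    GNUPGHOME="$work/gnupg" gpg --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Example Extras Signing Key (constructed)' default default never \
        >/dev/null 2>&1 || return 1
    # What a keyring package would carry: the public key only.
    GNUPGHOME="$work/gnupg" gpg --batch --quiet --export \
        > "$work/keyring.gpg" || return 1
    # Constructed, minimal Release file.
    printf 'Origin: example\nSuite: diablo\nComponents: free\n' \
        > "$work/Release"
    echo "$work"
}

# Repository side: write a detached, armored signature next to Release.
sign_release() {
    GNUPGHOME="$1/gnupg" gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase '' --armor --detach-sign \
        --output "$1/Release.gpg" "$1/Release"
}

# Client side: check Release against Release.gpg using only the keyring.
# Returns 0 if the signature is good, non-zero otherwise.
verify_release() {
    GNUPGHOME="$1/gnupg" gpgv --quiet --keyring "$1/keyring.gpg" \
        "$1/Release.gpg" "$1/Release" 2>/dev/null
}

repo=$(setup_repo) || exit 1
sign_release "$repo" || exit 1
verify_release "$repo" && echo "untampered Release: signature accepted"

# Any change to Release after signing must make verification fail.
echo 'Components: free non-free' >> "$repo/Release"
verify_release "$repo" || echo "modified Release: signature rejected"
```

The check uses `gpgv` with an explicit keyring rather than the signer's own GnuPG home, so it passes only for keys the keyring actually contains.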
