Never heard about something like this....-----Original Message-----Never considered it in the past as I always did the builds. I think it is a valid problem though. Is there any way we can sign the source code such that when it's compiled we can verify that it was unmodified source?
From: Rapha�l Enrici [mailto:[EMAIL PROTECTED] Sent: 09 August 2003 19:14
To: [EMAIL PROTECTED]
Subject: [pgadmin-hackers] Contributed packages and trust problem ?
Giuseppe Sacco contributed today a build of the debian packages for PowerPC architecture based on our Debian Source packages. As he is a member of the debian project, I think we can consider him as a trusty person. But what about other persons that may contribute builds for other architectures ? Did you faced this "problem" in the past ?
As RPM and DEB packages integrates gpg signatures, I just wanted to know if their were a pgp/gpg key global to the pgAdmin team, something that was used to sign the files of the project like binaries, sources, etc.Is there something done for the moment ? Shall someone sign the files ? Shall every packager sign its own package ? I'm currently looking to what's done in Debian and will give you some feedback on it.What did you have in mind, a pgp sig for each file? I don't see that as a problem for each packager to create.
I'm ok to sign deb package by myself.
And wanted to know if you used by the past to sign the files ? For example the source tarball and win32 packages.
Regards,
Rapha�l
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
