> -----Original Message----- > From: Rapha�l Enrici [mailto:[EMAIL PROTECTED] > Sent: 09 August 2003 19:14 > To: [EMAIL PROTECTED] > Subject: [pgadmin-hackers] Contributed packages and trust problem ? > > > Dear all, > > here is a question on which I'd like to get your opinion. > Giuseppe Sacco > contributed today a build of the debian packages for PowerPC > architecture based on our Debian Source packages. As he is a > member of > the debian project, I think we can consider him as a trusty > person. But > what about other persons that may contribute builds for other > architectures ? Did you faced this "problem" in the past ?
Never considered it in the past as I always did the builds. I think it is a valid problem though. Is there any way we can sign the source code such that when it's compiled we can verify that it was unmodified source? > Is everybody ok to upload his files on snake (I vote yes) ? > Another thing I wanted to talk about since days concerns > signing of our > packages. Is there something done for the moment ? Shall someone sign > the files ? Shall every packager sign its own package ? I'm currently > looking to what's done in Debian and will give you some > feedback on it. What did you have in mind, a pgp sig for each file? I don't see that as a problem for each packager to create. Regards, Dave. ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
