On Sun 15 Apr, Philip Charles wrote:
> On Sat, 14 Apr 2001, Jason Gunthorpe wrote:
> > CD's may in fact contain content from the Debian site and it should be
> > possible to validate that content was part of a Debian release without
> > having to jump through any special hoops. That is independent of anything
> > else on the CDs.
> It is not a simplification. It is drawing boundaries. Is Debian
> responsible for Libranet, Corel, Stormix, and Progeny? I may be the only
> person in NZ that is offering vendor versions of Debian to the public, but
> there are others here doing this as consultants and in an in-house role.
> I think that you would be surprised just how much of this is happening
> world wide. Is Debian responsible for these?
> I suggest that Debian's responsibility for the integrity of CDs stops with
> the Official CD images.
> I take great care to ensure the integrity of Debian packages included on my
> custom CDs, but in the last analysis the responsibility is mine. I would
> welcome any additional tools to check what I do.
> CDs are best viewed as an entity of their own and not an extension of the
> Official archive. Those responsible for the creation of the Official
> discs keep as close to the Official archive structure as possible. However,
> debian-cd and boot-floppies are very flexible and coupled with the present
> installation tools great and wondrous installation CDs can be built and
> used in peculiar ways. The ability to build these specialised CDs is one
> of the great strengths of Debian. People need to be involved in the
> Debian CD field to understand what can be done. Some of the less standard
> ways of using CDs have been mentioned in the discussion so far, and there
> are many more. Do not mess with this flexibility. If you do then you are
> in danger of destroying one of Debian's great strengths.
I have to say that my understanding of the details of apt, debian-cd etc is
such that I feel I don't have a good enough grip on the details of this
argument to say anything very useful about how things should be done.
However this mail sums up my feelings sufficiently well that I feel I should
post saying so. I'm one of those people that produce custom Debian CDs and I
do it because the marvellous tools make it sufficiently do-able that a small
outfit can produce significantly or only slightly customized CDs from a
partial archive.
I am much more interested in still being able to do this than I am in
improving the security. If we can have both then all well and good.
If I understand the discussion correctly then all the proposed changes
will still work for someone producing CDs containing a subset of debian
packages plus some of their own changed packages using debian-cd - is that
right? If so then fine. I do like the fact that a CD on its own is a valid
archive too (I use loopback mounted ISOs too), but I could live without this
so long as debian-CD still makes me customized CDs, preferably without me
having to sign loads of (any) files.
As someone (Philip, I think) said - can someone point to a doc which explains
why change is felt to be necessary? I don't really understand where we came
in...
Wookey
--
Aleph One Ltd, Bottisham, CAMBRIDGE, CB5 9BA, UK Tel (00 44) 1223 811679
work: http://www.aleph1.co.uk/ play: http://www.chaos.org.uk/~wookey/