On Sat, Jun 06, 2015 at 01:48:12PM +0800, Paul Wise wrote: > On Sat, Jun 6, 2015 at 8:13 AM, Brian May wrote: > > > the software is far to volatile (e.g. important bug fixes on a weekly basis) > > We have a place for such software: experimental > > > I don't want old versions hanging around any longer then absolutely required > > We have a place for such software: experimental
That only works for people who have rights to upload something to the Debian archive. Do we really want to force all third-party developers to become DMs or DDs? Also, there are things too volatile even for experimental -- e.g., https://files.eid.belgium.be/debian/continuous contains the results of our CI builds (signed by a different key); while useful for me and people interested in following along with what's going to happen, this is hardly something that should be uploaded to experimental. (in my specific case, there is also a general feeling that the Belgian Government shouldn't point its citizens to something not compiled by systems inside government premises and/or signed by a third party) [...] > > I note the original poster mentioned Ubuntu PPAs and add-apt-repository; my > > understanding is that these don't solve the trust issue, I seem to recall > > the user is shown a fingerprint and asked to confirm it is correct (based on > > what???) - however I don't have an Ubuntu box I can test this on right now. > > I would guess based on the OpenPGP web of trust or the user's trust in > their OS that trusts the SSL CA that signed the Launchpad certs. I hadn't actually looked in detail at whether add-apt-repository solves the trust issue for PPA's; I just note that due to the fact that Ubuntu's PPA's are all on the same system, it is in theory at least possible for it to check the trust path. -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150607092724.gb7...@grep.be
