
Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)

From: Jan Hudec
Subject: Re: [Gnu-arch-users] Arch Roadmap Draft (the anticipated part 3)
Date: Wed, 7 Jul 2004 12:24:51 +0200
User-agent: Mutt/1.5.6+20040523i

On Tue, Jul 06, 2004 at 19:10:53 -0500, John Meinel wrote:
> Well, you can enforce the trusted source by using gpg keys, or something
> of that nature. Obviously the return email address is not sufficient as
> that is _very_ easy to forge.

Yes. And I would add that not only the mail has to be signed with
a trusted key, but also the archive to merge from.

> As far as building in a chroot, basically any time you have a chroot you
> need any tools that you are going to use to be present. So that might be
> quite a bit of work. gcc and make, etc. are probably all going to have
> quite a few dependencies.

Some distros, e.g. Debian, build a chroot as a method of bootstrapping. So
there are scripts to set up a little environment in a chroot.

> My guess is that before doing that, you get the trusted source worked
> out, and then don't worry about it for now.
> However, if you read James Blackwell's email, he mentions
> 1. if necessary, register the submitted archive
> And that means that you have never seen this archive before. Now, you
> might be configured to accept submissions from someone without having
> their archive already.
> I think the idea was that lots of people are going to ask Tom to merge
> their little fixes, and it would be nice to give him a simple "this is
> what changed". But I'm guessing some of that might be better handled by
> the Lieutenants scheme. You could do everything up to the "make, make
> test", report that to a web page, with a button saying "test this". Once
> that was selected, it would "make, make test" and then another page is
> generated with "approve and merge".

Except I think an e-mail interface would be better. I think the results
should show up in Bug Goo's reply and approving should be done by
posting a signed follow-up with some command. Perhaps Bug Goo should
sign its posts to the list, too.

                                                 Jan 'Bulb' Hudec 

Attachment: signature.asc
Description: Digital signature
