public inbox for [email protected]
help / color / mirror / Atom feedFrom: Devrim GÜNDÜZ <[email protected]>
To: Simon Riggs <[email protected]>
Cc: Dave Page <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: Scott Mead <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Linux Downloads page change
Date: Mon, 09 Jul 2012 15:10:15 +0300
Message-ID: <[email protected]> (raw)
In-Reply-To: <CA+U5nMJqmeepcZ1vg24UrHHtKC+zXjgSy-u-peRmJNW2EFJy-A@mail.gmail.com>
References: <CAKq0gvKgeckkBa0xm6xsrmNvk=Cm6zPP4n1O3CQCvDUvCYCs8w@mail.gmail.com>
<CABUevEyONmEeqwU4VJgs8vTV3yW3dsNLPiFfPnAKJOCLgYbvYA@mail.gmail.com>
<CAKq0gvL-s4_Mk0ztGh+yywH5v4Jvnm2Fs2k-gq2wcrW+kfY2xQ@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<CA+OCxoxExqHx_ZNRpvmJpVoNCOa9yO4C3HTZ4Ob7e32Wn2+fcQ@mail.gmail.com>
<CABUevEzm09To=uzW=+F==G98HK2YZNXsXwv+NW-7uOgqGLOxoQ@mail.gmail.com>
<CA+OCxox1pCaXvOeVmv0gECbXsOqGeXQL-O2QsyWmFS9ZvCkjbg@mail.gmail.com>
<CABUevEx_7-Xm+z5oc+61TuHzSbu34fWAKiRxAXjGwfCzff=OZA@mail.gmail.com>
<CA+OCxoyGPVRQ+1tnxGuFS1JACr1QJUchS90qxXHuN_YTUNj8QA@mail.gmail.com>
<CA+U5nMK86koEcfkBwUWRPqGTT1b8Qjp3hN=pk3to+kqaUoWp=w@mail.gmail.com>
<CA+OCxoxxW3EOoLpWuTk=GW2Hr-Z+8m0_oN2QUQCMpVss6R+DDw@mail.gmail.com>
<CA+U5nMKyzv6B7ywGv8BLfwig1wgimp0keo9rKUpaLpnANuiH+w@mail.gmail.com>
<[email protected]>
<CA+U5nMJqmeepcZ1vg24UrHHtKC+zXjgSy-u-peRmJNW2EFJy-A@mail.gmail.com>
Hi
On Mon, 2012-07-09 at 12:41 +0100, Simon Riggs wrote:
> IMHO we should only list binaries on the postgresql.org website if
> they are derived from build information that is owned by the PGDG, or
> at very least publicly available at the time of the build and likely
> to remain so afterwards.
I agree with this.
> That process should be automatic as far as possible, to minimise
> error, since the number of users of those binaries is now very large.
*Community RPMs* are more or less automated: There are some steps that
has to be done manually: Updating spec files, signing RPMs, performing
QA and then pushing to the repositories. Currently, when we build an
RPM, it passes through 3 separate tubes until it reaches final position.
We do the QA on first two tubes, since the last rsync is just a mirror
of the staging repository.
> Unverifiable binaries are a quality and security risk to the project.
Agreed -- and that is what me, Dave, etc., also think.
Regards,
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.gunduz.org Twitter: http://twitter.com/devrimgunduz
Attachments:
[application/pgp-signature] signature.asc (198B, 2-signature.asc)
download
view thread (56+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Linux Downloads page change
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox