Message-ID: <1341835813.9579.18.camel@lenovo01-laptop03.gunduz.org>
Subject: Re: Linux Downloads page change
From: Devrim GÜNDÜZ
To: Simon Riggs
Cc: Dave Page, Magnus Hagander, Scott Mead, "pgsql-www@postgresql.org"
Date: Mon, 09 Jul 2012 15:10:15 +0300

Hi

On Mon, 2012-07-09 at 12:41 +0100, Simon Riggs wrote:
> IMHO we should only list binaries on the postgresql.org website if
> they are derived from build information that is owned by the PGDG, or
> at very least publicly available at the time of the build and likely
> to remain so afterwards.

I agree with this.

> That process should be automatic as far as possible, to minimise
> error, since the number of users of those binaries is now very large.

*Community RPMs* are more or less automated: There are some steps that
have to be done manually: Updating spec files, signing RPMs, performing QA
and then pushing to the repositories. Currently, when we build an RPM,
it passes through 3 separate tubes until it reaches its final position. We
do the QA on the first two tubes, since the last rsync is just a mirror of
the staging repository.

> Unverifiable binaries are a quality and security risk to the project.

Agreed -- and that is what me, Dave, etc., also think.

Regards,
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.gunduz.org  Twitter: http://twitter.com/devrimgunduz