public inbox for [email protected]
help / color / mirror / Atom feedFrom: Dave Page <[email protected]>
To: Magnus Hagander <[email protected]>
Cc: Simon Riggs <[email protected]>
Cc: Devrim GÜNDÜZ <[email protected]>
Cc: Scott Mead <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Linux Downloads page change
Date: Mon, 9 Jul 2012 13:17:36 +0100
Message-ID: <CA+OCxoy6ckWMZ5UMkuq2Ha1P3oUYJAX6WtGNMbpxwdGDd5EMoQ@mail.gmail.com> (raw)
In-Reply-To: <CABUevEwCpo1zXbS62fpRNDJEJi_qvRLoEJjKjFb24E1M6eyE_A@mail.gmail.com>
References: <CAKq0gvKgeckkBa0xm6xsrmNvk=Cm6zPP4n1O3CQCvDUvCYCs8w@mail.gmail.com>
<CABUevEyONmEeqwU4VJgs8vTV3yW3dsNLPiFfPnAKJOCLgYbvYA@mail.gmail.com>
<CAKq0gvL-s4_Mk0ztGh+yywH5v4Jvnm2Fs2k-gq2wcrW+kfY2xQ@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<CA+OCxoxExqHx_ZNRpvmJpVoNCOa9yO4C3HTZ4Ob7e32Wn2+fcQ@mail.gmail.com>
<CABUevEzm09To=uzW=+F==G98HK2YZNXsXwv+NW-7uOgqGLOxoQ@mail.gmail.com>
<CA+OCxox1pCaXvOeVmv0gECbXsOqGeXQL-O2QsyWmFS9ZvCkjbg@mail.gmail.com>
<CABUevEx_7-Xm+z5oc+61TuHzSbu34fWAKiRxAXjGwfCzff=OZA@mail.gmail.com>
<CA+OCxoyGPVRQ+1tnxGuFS1JACr1QJUchS90qxXHuN_YTUNj8QA@mail.gmail.com>
<CA+U5nMK86koEcfkBwUWRPqGTT1b8Qjp3hN=pk3to+kqaUoWp=w@mail.gmail.com>
<CA+OCxoxxW3EOoLpWuTk=GW2Hr-Z+8m0_oN2QUQCMpVss6R+DDw@mail.gmail.com>
<CA+U5nMKyzv6B7ywGv8BLfwig1wgimp0keo9rKUpaLpnANuiH+w@mail.gmail.com>
<[email protected]>
<CA+U5nMJqmeepcZ1vg24UrHHtKC+zXjgSy-u-peRmJNW2EFJy-A@mail.gmail.com>
<CA+OCxozWwq4Hy-=epq2bn5StPVJ0PSt_Ejx0SDBd_Brcmtf63g@mail.gmail.com>
<CABUevEwCpo1zXbS62fpRNDJEJi_qvRLoEJjKjFb24E1M6eyE_A@mail.gmail.com>
On Mon, Jul 9, 2012 at 1:10 PM, Magnus Hagander <[email protected]> wrote:
>
>> In theory. In practice it seems unlikely anyone would ever take the
>> time and energy to build them themselves and actually verify them -
>> the effort to do so would be huge (for example, assembling the 9.2
>> build machine for the installers and building all the necessary
>> dependencies for all the supported platforms etc. has so far taken a
>> number of man weeks). To verify the binaries we put out, someone would
>> have to build an exact mirror of that environment. That's not to say
>> it shouldn't be possible of course. In fact, it wouldn't even be
>> possible, as we digitally sign some of the executables to appease
>> Windows, and we obviously cannot share that certificate.
>
> It should be possible, and it's a much smaller (though not necessarily
> small) effort if you only want to verify *one* version on *one*
> platform with *one* subset of modules.
Putting aside the signed binaries, which clearly cannot be reproduced
bit-perfect, it's really not that much smaller - versions don't matter
that much as we use the same env for each major version, and most
packages are dependent on the server build, which requires the
majority of dependencies. The only real time saver would be to only
try to reproduce a subset of the supported platforms.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
view thread (56+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Linux Downloads page change
In-Reply-To: <CA+OCxoy6ckWMZ5UMkuq2Ha1P3oUYJAX6WtGNMbpxwdGDd5EMoQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox