public inbox for [email protected]  
From: Dave Page <[email protected]>
To: Simon Riggs <[email protected]>
Cc: Devrim GÜNDÜZ <[email protected]>
Cc: Magnus Hagander <[email protected]>
Cc: Scott Mead <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Linux Downloads page change
Date: Mon, 9 Jul 2012 16:02:35 +0100
Message-ID: <CA+OCxoz7-Guj3861feYOTD59RNw06-5neMmSUZD+vvvvm3NvQg@mail.gmail.com>
In-Reply-To: <CA+U5nMJK9tqQ8L299nuZw_hrL-4COy1CnWdJAXSrczzNyqfqRg@mail.gmail.com>

On Mon, Jul 9, 2012 at 3:50 PM, Simon Riggs <[email protected]> wrote:
> On 9 July 2012 13:05, Dave Page <[email protected]> wrote:
>
>> Right - that's more or less what's been discussed and agreed. The
>> issue with the installers that Magnus raised, is that at present I
>> manually push the canonical GIT repo to git.postgresql.org, and often
>> forget to do it until reminded. That was raised in response to my
>> comment that the OpenSCG build scripts are not currently public at all
>> as far as I could see, and should be if their work is to be listed on
>> postgresql.org's primary downloads page.
>
> It's not more or less. What you have said is not the same thing as I
> have requested.
>
> If it was done as I suggest, when you forget a step in the process
> then the process would fail.
>
> If you build from the public repo then you simply can't forget.

The security issue you quote is precisely why we built from the
canonical source, and not a secondary mirror.

You also wouldn't see a failure as you suggest - you'd probably see a
successful build that you later discover is missing recent bug fixes.

>>> Unverifiable binaries are a quality and security risk to the project.
>>
>> In theory. In practice it seems unlikely anyone would ever take the
>> time and energy to build them themselves and actually verify them -
>> the effort to do so would be huge (for example, assembling the 9.2
>> build machine for the installers and building all the necessary
>> dependencies for all the supported platforms etc. has so far taken a
>> number of man weeks). To verify the binaries we put out, someone would
>> have to build an exact mirror of that environment. That's not to say
>> it shouldn't be possible of course. In fact, it wouldn't even be
>> possible, as we digitally sign some of the executables to appease
>> Windows, and we obviously cannot share that certificate.
>
> I know multiple users (aside from 2ndQuadrant) that re-build their own
> binaries as a safety barrier in their release process, so I don't
> believe the effort level is that high, nor do I believe people won't
> do it. I take your point that it is maybe only 1% of people, but those
> are the ones that report all the bugs.

Well if you believe it's that easy, then I'd suggest you try for
yourself. Building the installers is *not* trivial, and building the
installers with an identical dependency tree to verify everything
we've built is a huge undertaking - and as I mentioned, not actually
possible on Windows because you would have no way to sign the binaries
you create with our certificate.

Note again though that we're talking *installers* here, and not RPMs
or other types of packages. The installers are *very* different from
other packages because we have to build so many of the dependencies
ourselves to ensure they'll run successfully on all the supported
platforms.

> The most important thing is that people can see the ingredients before
> they eat the food.

You're welcome to see the code - it's on git.postgresql.org. But that
doesn't mean it would be easy to build a bit-level verifiable copy of
our binaries.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
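
Added example, not part of the original message or of the project's tooling: the stale-mirror case discussed above (a build from the public mirror succeeds but is missing recent commits) can be turned into a hard failure by comparing `git ls-remote` output from the canonical repository and the mirror before a release. The ref names and commit ids below are constructed, and the function names are hypothetical.

```python
"""Release gate: refuse to publish when the public mirror lags the canonical repo."""

HEX = set("0123456789abcdef")


def parse_ls_remote(text):
    """Parse `git ls-remote` output, one '<commit id>\\t<ref>' pair per line."""
    refs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split("\t", 1)
        # 40 hex chars for SHA-1 repositories, 64 for SHA-256 ones.
        if len(sha) not in (40, 64) or not set(sha) <= HEX:
            raise ValueError(f"not a commit id: {sha!r}")
        refs[ref.strip()] = sha
    return refs


def mirror_drift(canonical, mirror, prefixes=("refs/heads/", "refs/tags/")):
    """Return {ref: (canonical_id, mirror_id)} for every branch or tag that differs.

    None on the mirror side means the ref was never pushed; None on the
    canonical side means the mirror carries a ref the canonical repo lacks.
    """
    drift = {}
    for ref in sorted(set(canonical) | set(mirror)):
        if not ref.startswith(prefixes):
            continue  # skip HEAD and other non-branch, non-tag refs
        want, have = canonical.get(ref), mirror.get(ref)
        if want != have:
            drift[ref] = (want, have)
    return drift


def release_gate(canonical_text, mirror_text):
    """Return (ok, drift); ok is True only when the mirror matches exactly."""
    drift = mirror_drift(parse_ls_remote(canonical_text), parse_ls_remote(mirror_text))
    return (not drift, drift)


# Constructed sample data: the mirror has an old master and lacks tag v1.1.
CANONICAL_SAMPLE = "\n".join(["c" * 40 + "\tHEAD", "c" * 40 + "\trefs/heads/master",
                              "a" * 40 + "\trefs/tags/v1.0", "d" * 40 + "\trefs/tags/v1.1"])
MIRROR_SAMPLE = "\n".join(["b" * 40 + "\tHEAD", "b" * 40 + "\trefs/heads/master",
                           "a" * 40 + "\trefs/tags/v1.0"])

if __name__ == "__main__":
    ok, drift = release_gate(CANONICAL_SAMPLE, MIRROR_SAMPLE)
    for ref, (want, have) in drift.items():
        print(f"{ref}: canonical={want} mirror={have}")
    raise SystemExit(0 if ok else 1)
```

In a real pipeline the two inputs would come from running `git ls-remote` against each repository URL; matching commit ids show that the public source is the source that was built, not that the published binaries are bit-for-bit reproducible.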
