Date: Mon, 9 Jul 2012 15:50:22 +0100
Subject: Re: Linux Downloads page change
From: Simon Riggs
To: Dave Page
Cc: Devrim GÜNDÜZ, Magnus Hagander, Scott Mead, "pgsql-www@postgresql.org"

On 9 July 2012 13:05, Dave Page wrote:

> Right - that's more or less what's been discussed and agreed. The
> issue with the installers that Magnus raised, is that at present I
> manually push the canonical GIT repo to git.postgresql.org, and often
> forget to do it until reminded. That was raised in response to my
> comment that the OpenSCG build scripts are not currently public at all
> as far as I could see, and should be if their work is to be listed on
> postgresql.org's primary downloads page.

It's not more or less. What you have said is not the same thing as I
have requested.

If it was done as I suggest, when you forget a step in the process
then the process would fail. If you build from the public repo then
you simply can't forget.

>> Unverifiable binaries are a quality and security risk to the project.
>
> In theory. In practice it seems unlikely anyone would ever take the
> time and energy to build them themselves and actually verify them -
> the effort to do so would be huge (for example, assembling the 9.2
> build machine for the installers and building all the necessary
> dependencies for all the supported platforms etc. has so far taken a
> number of man weeks). To verify the binaries we put out, someone would
> have to build an exact mirror of that environment. That's not to say
> it shouldn't be possible of course. In fact, it wouldn't even be
> possible, as we digitally sign some of the executables to appease
> Windows, and we obviously cannot share that certificate.

I know multiple users (aside from 2ndQuadrant) that re-build their own
binaries as a safety barrier in their release process, so I don't
believe the effort level is that high, nor do I believe people won't
do it. I take your point that it is maybe only 1% of people, but those
are the ones that report all the bugs.

The most important thing is that people can see the ingredients before
they eat the food.

--
Simon Riggs                   http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services