public inbox for [email protected]
From: Magnus Hagander <[email protected]>
To: Martin Pitt <[email protected]>
Cc: Greg Smith <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: Alvaro Herrera <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Stefan Kaltenbrunner <[email protected]>
Cc: Josh Berkus <[email protected]>
Cc: PostgreSQL WWW <[email protected]>
Cc: PostgreSQL in Debian <[email protected]>
Cc: Tom Lane <[email protected]>
Subject: Re: [pgsql-pkg-debian] Re: We should not transition to apt.postgresql.org until we have a PPA
Date: Tue, 19 Feb 2013 16:40:40 +0100
Message-ID: <CABUevEzGrQ=0J8dw1fj=k-cVkzbgfnNOkwYTk_BK-zLu8P+wBA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
On Tue, Feb 19, 2013 at 4:36 PM, Martin Pitt <[email protected]> wrote:
> Magnus Hagander [2013-02-19 16:22 +0100]:
>> > The instructions at http://www.postgresql.org/download/linux/debian/ are a
>> > bit much right now, so some automation toward reducing them would be useful.
>
>> Yes. This is why we have multiple debian packaging experts in the
>> project. And also people who know some things about debian packages
>> and some things about usual customers, to bridge the gap ;)
>
> I think I can claim to have a sufficient understanding of how Debian
> and Ubuntu archives and packaging work to offer to write such a
> script. :-)

Most definitely.

(BTW, this proves which debian packager wasn't in the IRC channel at
the time :P)

>> Just to keep people informed, the current plan which is the latest
>> conclusion in the IRC discussion amongst the packagers is:
>>
>> * Change the package pinning to be less conservative, and more with
>> what most people want. That will remove one step from the installation
>> instructions. Obviously this needs some lead time, but shouldn't be
>> too much.
>
> I'm very much in favor of this.
>
>> * Create an automated script that will set the repository up for
>> people. This can either be downloaded and run, or it can be downloaded
>> as a signed https download and piped directly to the shell for those
>> daring people who trust postgresql.org.
>
> My current idea is to ship both the GPG key and the script in the
> Debian/Ubuntu postgresql-common package. This closes the
> authentication loophole in the sense that you can trust to get the
> real postgresql archive if you trust that you have the real Debian
> archive, and it doesn't need scary "wget | sudo bash" hacks.

Unfortunately, it will take quite a while to propagate, no?

What we were considering was using a curl | sudo bash basically. It
will then be signed by our main SSL certificate, so that should be
almost as trustworthy as a package signature (ours would be
exploitable by somebody tricking a public CA into giving them a cert
for www.postgresql.org)

> So in theory this script could also set up the apt pinning, but I'd
> rather not, because (1) doing that automatically would be besides the
> point of having the pinning requirement in the first place, and (2)
> automatically doing this can potentially break an already existing
> (unrelated) apt pin configuration in "interesting" ways.

Yeah, +1.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
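
The "download and run" alternative to piping into a shell, sketched as an added example that is not part of this email or any PostgreSQL project script. The helper names `verify_script` and `run_verified` are hypothetical, and a pinned SHA-256 digest stands in for whatever trust anchor is already on the machine (such as a GPG key shipped in a distribution package).

```shell
#!/bin/sh
# Added example (not from the thread). verify_script and run_verified are
# hypothetical helpers; the pinned digest is an assumed stand-in for a
# locally trusted anchor such as a key shipped in a distro package.

# Succeeds only if FILE exists and its SHA-256 equals EXPECTED.
verify_script() {
    file=$1 expected=$2
    [ -f "$file" ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    [ "$actual" = "$expected" ]
}

# Runs FILE with sh only after the whole file has been verified. Unlike
# "curl | sudo bash", nothing executes until every byte is on disk and
# checked, so a truncated or altered download is rejected, not half-run.
run_verified() {
    file=$1 expected=$2
    shift 2
    if verify_script "$file" "$expected"; then
        sh "$file" "$@"
    else
        echo "refusing to run $file: digest mismatch" >&2
        return 1
    fi
}

# Constructed sample: a stand-in setup script written to a temp directory.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'echo "repo configured for $1"\n' > "$dir/setup.sh"
    echo "$dir/setup.sh"
}

sample=$(make_sample)
pinned=$(sha256sum "$sample" | cut -d' ' -f1)
run_verified "$sample" "$pinned" wheezy   # prints: repo configured for wheezy

# Simulate the file changing after the digest was pinned.
echo '# modified in transit' >> "$sample"
run_verified "$sample" "$pinned" wheezy || echo "modified copy rejected"
```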