emerge dirty patches for download problems
Bernhard Reiter
bernhard at intevation.de
Fri Apr 18 16:40:52 CEST 2008
On Friday 18 April 2008 12:04, Christian Ehrlicher wrote:
> > Best would be detached signatures of course (for the one that publishes).
> >
> > It would help if just an md5sum is calculated and put in the
> > emerge/portage
> > when the portage while is adapted. I take it that in most cases there is
> > a specific file referenced so that person updating a portage spec
> > should just insert their own checksum at least.
>
> The packager can be modified to create a md5sum for every package
> (dbus-mingw-1.1.2-1234567.md5sum) or every file. Just don't know if this
> helps us. Putting something in the emerge tree isn't a good solution as we
> can't use it for our installer then.
Maybe I did not fully grasp it yet.
To me emerge looks like having a pool of
instruction how to get, build and installer other packages.
Those packages can be third party or coming from us.
For both case emerge should have a step called "verification" or
"establishing" trust that the aquired package files are the right ones.
This is possible even without help of the packager,
just put a checksum in. Of course it would be cool,
if the packager would publish checksum and even signatures themselfs.
Bernhard
--
Managing Director - Owner: www.intevation.net (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/kde-windows/attachments/20080418/720755de/attachment.pgp
More information about the Kde-windows
mailing list