emerge dirty patches for download problems
Christian Ehrlicher
Ch.Ehrlicher at gmx.de
Fri Apr 18 17:21:54 CEST 2008
Bernhard Reiter schrieb:
> On Friday 18 April 2008 12:04, Christian Ehrlicher wrote:
>>> Best would be detached signatures of course (for the one that publishes).
>>>
>>> It would help if just an md5sum is calculated and put in the
>>> emerge/portage
>>> when the portage while is adapted. I take it that in most cases there is
>>> a specific file referenced so that person updating a portage spec
>>> should just insert their own checksum at least.
>> The packager can be modified to create a md5sum for every package
>> (dbus-mingw-1.1.2-1234567.md5sum) or every file. Just don't know if this
>> helps us. Putting something in the emerge tree isn't a good solution as we
>> can't use it for our installer then.
>
> Maybe I did not fully grasp it yet.
> To me emerge looks like having a pool of
> instruction how to get, build and installer other packages.
> Those packages can be third party or coming from us.
>
correct. But emerge is only one of (currently) two ways to install
packages. For end-users the kdewin-installer should be used. And this
installer also needs to know about md5sums.
> For both case emerge should have a step called "verification" or
> "establishing" trust that the aquired package files are the right ones.
> This is possible even without help of the packager,
> just put a checksum in. Of course it would be cool,
> if the packager would publish checksum and even signatures themselfs.
>
With packager I meant our kdewin-packager which currently doesn't do
much apart from putting all into four .tar.bz2 files (bin, lib, doc, src).
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://mail.kde.org/pipermail/kde-windows/attachments/20080418/ff8c1c72/attachment-0001.pgp
More information about the Kde-windows
mailing list