At Sun, 28 Mar 2010 21:58:11 GMT, Karl Berry wrote: > Oh? Doesn't that rather defeat the purpose of signing releases? I > thought that became a strict requirement for ftp.gnu.org after the > crack a couple years.
They'd need to be signed and go through the same check as normal uploads. > Also, it would be a *lot* of work to do this and keep it up to date. > It's not like there are nice ftp or http directories of release tarballs > to mirror for most non-prep packages. I think you mentioned that you have a list of all the offsite package locations -- is it available on fencepost? -- Brian Gough
