On Tue, 2016-11-29 at 12:33 -0200, Helen Koike wrote:
>
> On 2016-11-20 09:24 AM, Ben Hutchings wrote:
> > On Wed, 2016-11-16 at 00:45 -0200, Helen Koike wrote:
> > [...]
> > > +TARGET="$ftpdir/dists/$suitedir/main/code-sign/"
> > > +OUT_TARBALL="$TARGET/${IN_TARBALL##*/}"
> > > +OUT_TARBALL="${OUT_TARBALL%.tar.xz}_sigs.tar.xz"
> >
> > [...]
> >
> > This naming may have to change; see Ansgar's message at
> > <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821051#90> and my
> > reply below.
> >
> > Otherwise, I think this is fine.
> >
> > Ben.
> >
>
> I am not sure I understand the pointed message regarding naming, what
> should be a better naming here?
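
Review bot: In the two OUT_TARBALL assignments the output name is just the basename of IN_TARBALL with a fixed "_sigs.tar.xz" suffix, placed under dists/$suitedir/main/code-sign/, so anyone who knows or can guess the input tarball name can predict the published path. If the filename must not be predictable, it needs to come from something that is not derived from IN_TARBALL. Two smaller points on the same lines: TARGET already ends in "/" and the next line adds another, giving "code-sign//..."; drop one of them. Also, "${OUT_TARBALL%.tar.xz}" strips nothing when IN_TARBALL does not end in ".tar.xz", which would yield the full input name followed by "_sigs.tar.xz"; unless the extension is validated in the elided part of the script, check it before building the name.
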
Ansgar thinks that maintaining an embargo requires that we don't reveal
which packages have had security uploads. So as long as the signature
tarballs themselves are not embargoed, their filenames should not be
visible or predictable.

Ben.

-- 
Ben Hutchings
Theory and practice are closer in theory than in practice.
- John Levine, moderator of comp.compilers