-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Feb 12, 2009 at 06:19:13PM -0500, Luke Faraone wrote: >On Thu, Feb 12, 2009 at 5:53 PM, Sascha Silbe < >sascha-debian-bugs-suga...@silbe.org> wrote: > >> On Tue, Jan 20, 2009 at 11:51:02PM +0100, Jonas Smedegaard wrote: >> >> [unsigned packages] >> >>> I claim (through this signed email) that I myself compiled all >>> packages offered at debian.jones.dk in clean (or >>> least-possible-unclean[1]) build environments. >>> >> If I somehow suggested your packages are of minor quality or >> something like that just because they're not signed, I apologize.
No no. You just triggered an issue of mine about putting trust in signatures instead of in what is behind those signatures. >> I'm sensitive regarding unsigned packages because I have good reasons >> _not_ to trust the university network (i.e. my internet uplink). Makes sense. And then you are right that me signing my packages would help. Hmmm - I have now enabled https acces to my packages. You should be able to use apt-transport-https to trust the transport then - still not as good as trusting the packages, but that is between me and my hosting provider, not something your ISP could interfere with. >>> My Lenny packages has been compiled against libraries in Lenny. >>> Sid packages has been compiled against libraries in Sid. >>> >> OK, seems like I misunderstood how testing works. Until now, I >> thought packages are always uploaded to sid and automatically enter >> testing if no bug is filed against the new version within a certain >> period (one week?). Do you have a quick pointer to some documentation >> explaining how it actually works? You did not misunderstand: Luke is right that the only mistake above is 1w -> 10d :-) But not all packages enter testing after 10 days, so when adding a new package later, it is safer to compile against libraries in same branch. - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkmUwrcACgkQn7DbMsAkQLj5CACcDtDwN7cNR9+P//y6Da7Dv1N9 sCQAmwbqArsoWXJ8Mk9PjjISugziW2Lj =0MDI -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
