Re: RFC: Signed packages and translations

2001-09-03 Thread Bernd Eckenfels
On Mon, Sep 03, 2001 at 06:13:37PM +0200, Niklas Hoglund wrote: > Have I misunderstood that a signature is a kind of checksum? What purpose > does adding a checksum to a checksum have? If the signature is invalid the > .deb should not be trusted, but thrown away and redownloaded. Because a cracker

Re: RFC: Signed packages and translations

2001-09-03 Thread Niklas Hoglund
On Sat, Sep 01, 2001 at 07:21:28PM +0200, Simon Richter wrote: > On Sat, 1 Sep 2001, Christian Kurz wrote: > > > not be ascii armored since this would only introduce transmission overhead > > > and gain nothing. The file name for this file is constructed from the > > > Why does it gain nothing? Wh

Re: RFC: Signed packages and translations

2001-09-02 Thread Michael Bramer
On Sun, Sep 02, 2001 at 04:53:16AM -0500, Manoj Srivastava wrote: > >>"Michael" == Michael Bramer <[EMAIL PROTECTED]> writes: > > Michael> A process on the ftp-master patches the deb with the > Michael> translation, if the translation is not already in the > Michael> package. This process don'

Re: RFC: Signed packages and translations

2001-09-02 Thread Christian Kurz
On 01-09-01 Simon Richter wrote: > On Sat, 1 Sep 2001, Christian Kurz wrote: > > > not be ascii armored since this would only introduce transmission overhead > > > and gain nothing. The file name for this file is constructed from the > > Why does it gain nothing? What about problems during transmi

Re: RFC: Signed packages and translations

2001-09-02 Thread Christian Kurz
On 01-09-01 Martijn van Oosterhout wrote: > Can you store multiple signatures in the same file? Yes, that's possible by using the OpenPGP format. You'll either need to use one-pass-signature packets, like GnuPG does by default, or the cleartext signed format. Christian -- Debian Develop

Re: RFC: Signed packages and translations

2001-09-02 Thread Manoj Srivastava
>>"Michael" == Michael Bramer <[EMAIL PROTECTED]> writes: Michael> A process on the ftp-master patches the deb with the Michael> translation, if the translation is not already in the Michael> package. This process doesn't change the package or the Michael> version number. It only adds the transl

Re: RFC: Signed packages and translations

2001-09-02 Thread Michael Bramer
On Sun, Sep 02, 2001 at 07:03:01AM +0200, Simon Richter wrote: > > I like this all, but we have the problem with outdated translations. > > Yes, that's why I want these files to be automatically added from the > database: The database still contains the untranslated strings, so we can > check whe

Re: RFC: Signed packages and translations

2001-09-02 Thread Michael Bramer
On Sun, Sep 02, 2001 at 07:03:07AM +0200, Simon Richter wrote: > > Also problematic is the idea of packaging all the translations into one > > package. This would never be up-to-date, and more frequent updates are > > not nice. I prefer a solution similar to the current system in ddts. > > This cou

Re: RFC: Signed packages and translations

2001-09-02 Thread Michael Bramer
On Sat, Sep 01, 2001 at 10:36:59PM +0200, Richard Atterer wrote: > On Sat, Sep 01, 2001 at 01:32:26PM +0200, Michael Bramer wrote: > > > - How do we avoid that a package is updated too often? Updating the > > > .deb for each translation change is far too often - maybe add any > > > new translat

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> Also problematic is the idea of packaging all the translations into one > package. This would never be up-to-date, and more frequent updates are > not nice. I prefer a solution similar to the current system in ddts. > This could be included in the current FTP archive, in the subdirectories > for

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> > which uploads? There are no extra uploads. > There have to be, in my eyes. Consider this scenario: katie can pretend there has been an upload. > OK, but re-diffing will invalidate the maintainer's signature on the > diff! Hm, I guess this doesn't matter as long as that sig's sole > purpose i

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> > I don't think translations should be in the source package at all, > I'm opposed to this! Yes, not including the translations in the source > package makes things much easier, but I think they still should be > there at all costs. Yes, I can agree with that. I think we have to put them in a s

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> > - What would source packages look like for such a system? It /is/ > > possible to continue to use the old .orig.tar.gz + diff.gz, but > > automatic updates for new translations would invalidate the > > maintainer's signature. Should we seize the opportunity to switch to > > a more flexi

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> > The translation archive can contain a "control" and a "templates" file. > > These files have much the same format as the corresponding files from the > > control.tar.gz file but with the exception that they contain only the > > identifiers ("Package: xyz" for "control" and "Template: foo/bar" f

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> > Step 1: Signed archives > > --- > Quick note from vacation: signed packages are already designed and > implemented. No need to reinvent the wheel. Do they allow unsigned/separately signed parts? Simon

Re: RFC: Signed packages and translations

2001-09-02 Thread Simon Richter
> You should all realise that GNU ar supports long filenames, so there is no > need to obfuscate filenames from ar's point of view. GNU ar, yes. dpkg, no. Simon