Re: Linux Downloads page change

From: Dave Page
Subject: Re: Linux Downloads page change
Date:
Msg-id: CA+OCxozWwq4Hy-=epq2bn5StPVJ0PSt_Ejx0SDBd_Brcmtf63g@mail.gmail.com
In reply to: Re: Linux Downloads page change  (Simon Riggs <simon@2ndQuadrant.com>)
Responses: Re: Linux Downloads page change
Re: Linux Downloads page change
List: pgsql-www

On Mon, Jul 9, 2012 at 12:41 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
> On 9 July 2012 12:31, Devrim GÜNDÜZ <devrim@gunduz.org> wrote:
>>
>> Hi Simon,
>>
>> On Mon, 2012-07-09 at 12:25 +0100, Simon Riggs wrote:
>>
>>> I am discussing the relationship of SRPMs and RPMs, which is a valid
>>> point on this thread given the point that the RPMs and SRPMs have been
>>> mismatched for some time and that the current process calls for manual
>>> rather than automatic synchronisation.
>>
>> Which SRPMs are you talking about? Community SRPMs? If so, they have
>> been always available on the website. If you are talking about OpenSCG
>> RPMs, that is a different thing.
>
> My words were a little unclear all round, please accept my apologies.
>
> IMHO we should only list binaries on the postgresql.org website if
> they are derived from build information that is owned by the PGDG, or
> at very least publicly available at the time of the build and likely
> to remain so afterwards. That process should be automatic as far as
> possible, to minimise error, since the number of users of those
> binaries is now very large.

Right - that's more or less what's been discussed and agreed. The
issue with the installers that Magnus raised, is that at present I
manually push the canonical GIT repo to git.postgresql.org, and often
forget to do it until reminded. That was raised in response to my
comment that the OpenSCG build scripts are not currently public at all
as far as I could see, and should be if their work is to be listed on
postgresql.org's primary downloads page.

> Unverifiable binaries are a quality and security risk to the project.

In theory. In practice it seems unlikely anyone would ever take the
time and energy to build them themselves and actually verify them -
the effort to do so would be huge (for example, assembling the 9.2
build machine for the installers and building all the necessary
dependencies for all the supported platforms etc. has so far taken a
number of man weeks). To verify the binaries we put out, someone would
have to build an exact mirror of that environment. That's not to say
it shouldn't be possible of course. In fact, it wouldn't even be
possible, as we digitally sign some of the executables to appease
Windows, and we obviously cannot share that certificate.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

