On Tue, Feb 19, 2013 at 5:01 PM, Martin Pitt <mpitt@debian.org> wrote:
> Magnus Hagander [2013-02-19 16:40 +0100]:
>> Unfortunately, it will take quite a while to propagate, no?
>
> Yes, but it took a long time to set up apt.p.o, and the PPA won't
> disappear anytime soon anyway. This is also something which we can
> backport to 12.04 LTS, and 10.04 LTS' lifetime isn't that long any
> more anyway. For Debian, there's a good chance we can get it into the
> next release (wheezy); it's in deep freeze, but that's a low-risk
> change.

Yeah. It would be very nice to get it in there for future work, but we
definitely need to put something else in place before then. But let's
do both :)

>> What we were considering was using a curl | sudo bash basically. It
>> will then be signed by our main SSL certificate, so that should be
>> almost as trustworthy as a package signature (ours would be
>> exploitable by somebody tricking a public CA into giving them a cert
>> for www.postgresql.org)
>
> That seems fine indeed. There's nothing wrong with having more than
> one way -- if you have the local script, use that, otherwise use above
> approach?

Yeah, that's what I'd suggest.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/