| From: | Devrim GÜNDÜZ <devrim(at)gunduz(dot)org> |
|---|---|
| To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
| Cc: | Dave Page <dpage(at)pgadmin(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Scott Mead <scottm(at)openscg(dot)com>, "pgsql-www(at)postgresql(dot)org" <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Linux Downloads page change |
| Date: | 2012-07-09 12:10:15 |
| Message-ID: | 1341835813.9579.18.camel@lenovo01-laptop03.gunduz.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Hi
On Mon, 2012-07-09 at 12:41 +0100, Simon Riggs wrote:
> IMHO we should only list binaries on the postgresql.org website if
> they are derived from build information that is owned by the PGDG, or
> at very least publicly available at the time of the build and likely
> to remain so afterwards.
I agree with this.
> That process should be automatic as far as possible, to minimise
> error, since the number of users of those binaries is now very large.
*Community RPMs* are more or less automated: There are some steps that
has to be done manually: Updating spec files, signing RPMs, performing
QA and then pushing to the repositories. Currently, when we build an
RPM, it passes through 3 separate tubes until it reaches final position.
We do the QA on first two tubes, since the last rsync is just a mirror
of the staging repository.
> Unverifiable binaries are a quality and security risk to the project.
Agreed -- and that is what me, Dave, etc., also think.
Regards,
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.gunduz.org Twitter: http://twitter.com/devrimgunduz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2012-07-09 12:10:18 | Re: Linux Downloads page change |
| Previous Message | Dave Page | 2012-07-09 12:05:54 | Re: Linux Downloads page change |