| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Devrim GÜNDÜZ <devrim(at)gunduz(dot)org>, Scott Mead <scottm(at)openscg(dot)com>, "pgsql-www(at)postgresql(dot)org" <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Linux Downloads page change |
| Date: | 2012-07-09 11:19:28 |
| Message-ID: | CA+U5nMK86koEcfkBwUWRPqGTT1b8Qjp3hN=pk3to+kqaUoWp=w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On 9 July 2012 10:44, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> It gets pushed periodically when I remember to do it (or someone
> reminds me), which I guess you've forgotten given that we've had this
> exact same discussion before.
That highlights a key flaw.
If we distribute RPMs then the SRPMs should exactly match. If they
don't, that's a pretty serious set of bugs we're introducing.
Can I suggest that the process be changed? Push the SRPM code, then
generate RPMs from the released SRPM code. That way there is no
opportunity to forget anything. This is a substantial security
concern, not just a forgotten task.
Perhaps it would be useful to have a "build farm" that builds the RPMs
from SRPMs automatically, then we will have no need for manually
updating the RPMs at all. (And I mean build all binaries from publicly
available build scripts).
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2012-07-09 11:21:52 | Re: Linux Downloads page change |
| Previous Message | Dave Page | 2012-07-09 10:28:11 | Re: Linux Downloads page change |