The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Changing the way we deal with source archives

From: Mark Eichin <eichin@cygnus.com>
> Umm, they already do: <package>-<version>.tar.gz unpacking into
> <package>-<version> is mandated by the GCS, and followed by a large
> percentage of the packages out there.  *we* need to change the .orig
> silliness. 

I agree. We need to change the policy manual and the defaults of
dpkg-source so that original source archives are carried into the
distribution un-modified. 

DOES ANYONE DISAGREE WITH THIS (calling for consensus here).

In addition, we need to fold the GCS and the LSM procedure into one
document. We need to extend the LSM to include MD5 checksums for the
files it mentions. We need to extend the LSM to be wrapped with a PGP
signature. That will do everything we need for verifying integrity of 
upstream sources _except_ for admitting the upstream maintainer into the
PGP web of trust.

	Thanks

	Bruce
--
Bruce Perens K6BP   Bruce@Pixar.com   510-215-3502
Finger bruce@master.Debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3