The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can I interest anyone in RPM?



On Tue, 23 Sep 1997, Andreas Jellinghaus wrote:

> 90 % : marketing

That won't buy us a better system. We can win the marketing battle if
we improve our PR. See how much has been done in one year, since
our first stable release.

> 10 % : new features (rpm's are pgp signed, and they had this feature 2
> 		years ago. and we still don't have this feature !)

We can have this feature tomorrow if you want it. I posted a method to
add pgp signatures to deb packages many months ago (two tiny utilities), 
but it wasn't accepted because the problem with PGP signatures is that of 
trusting the signator. Who will sign the packages? The individual mantainer? 
A Debian security officer? It's the policy that is missing, and that will
be missing also if we switch to rpm.

Ian Jackson posted a long and very eleborated procedure to sign packages,
that didn't involved hard modifications to the deb package format itself,
but a way to have trusted signatures and methods to reject a compromised
key, and all that stuff. That procedure hasn't been implemented yet.

If you want, I can repost my proposal, and we can discuss it again.
Perhaps this time something will be done.

The way I see it, that 10% of new utilities can be added to dpkg and
deb in a flash. But you can't extract an RPM with ar+tar+gzip, the
way you can extract a deb package, for example.

> note : I don't say "drop deb". i say "merge deb and rpm, and call it rpm."

It won't work that way. A rose by any other name... is not what others
call an RPM package. It's not the RPM name we are buying, if I
understood Bruce suggestion, the RPM managing tools are the win
(are they such a win?). If our RPM can't use their tools, we haven't
go any further.
 
	Thanks,
-- 
Enrique Zanardi						   ezanardi@ull.es
Dpto. Fisica Fundamental y Experimental			Univ. de La Laguna


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .