-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Feiner wrote:
> Hi Patrick,
> 
> Thanks for considering this again :)
> 
> Your plan sounds very much like the way the flashplugin-nonfree
> maintainers operate. The only difference is that as flash is indeed
> non-free, they don't have the source, so the best they could do is
> verify it and sign it.
> 
> In the GeoIP database case, we have the source, and (now) the way to
> build the database, so why should we need to reinvent the wheel in terms
> of how to update a system, sign a package, verify it, and maintain the
> GPG key? All of that is already handled and maintained in Debian apt GPG.
> 
> As the database will probably be updated much more frequently (in the
> long run) than the rest of the package (the library, utilities), maybe
> it'll make more sense to split the database to a separate source
> package, set up its own watch file to be notified of new updates and
> actually upload a new database on a monthly basis to the official Debian
> mirrors?
> 
> I'm not sure what's the best practice in this situation, maybe we should
> raise this issue in debian-devel to get some more input on the best way
> to handle this?
> 
> Thanks,
>     Tom Feiner
> 

Hmpf, I have got a NACK for my plan from DSA. :<

- --
/*
With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: [email protected]
        [email protected]

Comment:
Always if we think we are right,
we were maybe wrong.
*/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkqyOgkACgkQ2XA5inpabMeB/QCdETIJZLsbTAkCyAfeve17CyoE
GxoAniLTcMk3ZcxSXZlVvwSIGvCWkxHR
=yE3b
-----END PGP SIGNATURE-----
