Hey That change is acceptable as far as I'm concerned, if the community vets a source as "trusted", pretty safe to assume it's trusted.
I would link 'maintainer' to the os.o username as a set-in-stone condition on the upload page personally ( ie, my os.o username is error404, I should have to log in to upload a package build recipe, and the build machine should set maintainer to error404 at opensolaris.org automatically ). Maybe also a link to the spec file ( which we would host ) so that people can come along later, take a look at how it was built ( flags and what have you ) ? just some quick thoughts -JohnS On 12-Nov-08, at 11:02 PM, Jim Walker wrote: > John Sonnenschein wrote: >> Binary blobs are fine, but they ought to be the exception, and ought >> to require human intervention that they are trusted enough to deliver >> binary ( I'm sure if adobe came up and wanted to dump stuff in >> contrib/ that they'd be greenlit. ) > > I agree. I updated the process and added some package update > procedures. Let me know what you think. > > http://www.genunix.org/wiki/index.php/ContribRepo > > Now, I think all we need to do is define which metadata > fields we want to use. These may be a good start: > > set name=pkg.name value="newpak" > set name=pkg.description value="new package" > set name=pkg.detailed_url value="http://sourceforge.net/newpak"; > set name=maintainer value="open.dev at x.y" > set name=upstream value="m > set name=upstream_url value=http://www.ibiblio.org/mc/ > set name=source_url value=http://www.rs/mc/mc-4.6.1.tar.gz > set name=repository_url value=http://cvs.savannah.gnu.org/mc/ > set name=gui.classification value="FileManager ConsoleOnly Utility" > license $HOME/COPYING license="GPLv2" > > set name="pkg.repo" value="pending" > > Could be used to define where the package is from. > > Cheers, > Jim
