On Fri, 2002-01-18 at 03:38, Max Horn wrote:

> * shlibs support - I am going to work on this during weekend

Cool.  I'd love to help, but I'm already involved in too many projects
of my own.  I just wish there were more hours in a day.  Or more days in
a weekend.  :)

> * A way to sign .deb files (and maybe als .info files), and to 
> automatically verify these signatures. This might not seems that 
> important right now, but definitly will be in the future. I think we 
> should use gnupg for this. At least all of the fink core developers 
> will have to have a key, ideally all cross-signed with each other. 
> Whenever somebody makes a binary release available, he'll sign it 
> with his personal key. This is no easy thing, and probably will have 
> to be discuessed in a full thread of its own.

'rpm' has that.  Signature checking is part of verifying a package.

> * Move to a new package format - yes or no, and which. This has to be 
> carefully designed, I think.

If you're going to switch, I think that rpm is the clear choice.  It
provides shlib dependencies, pgp/gpg signatures, sub packages...  It
would probably be to Fink's benefit to replace .info files entirely with
native package descriptions (in the case of rpm, ".spec" files).  And,
since apt is available for rpm, you can still use that.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to