Karl Goetz schreef:
On Sat, 01 May 2010 16:48:58 +0200 Sam Geeraerts
<[email protected]> wrote:
Karl Goetz schreef:
On Fri, 30 Apr 2010 11:52:56 +0200 al3xu5 / dotcommon
<[email protected]> wrote:
- have a list of all the corresponding signatures (linking the
pubkeys for downloading) - have a changelog (maybe it could be
the page history)
changelog of repositories ??
As in the recent metad/updates change. But those changes are only
interesting when they happen, not a few months after. They get
announced on the mailing list, so I don't see a need for a
changelog.
These changes happen so infrequently that I don't think its worth
worrying about.
so the advantage having just such one place where put all the
repositories related infos should be either for developers
(which could put here all the infos, keep them updated, and use
just links
Developers change the repository info in python-apt, and only i
have access to the signing keys.
I guess al3xu5 means developers in the broad sense, including user
support.
I'm not sure I follow sorry. Are you saying 3rd parties should put
their gpg keys there?
No, it would be something like
http://www.gnewsense.org/Main/FixExpiredArchiveKey. If a user messes
around with apt and screws up his configuration (e.g. rm
/etc/apt/trusted.gpg) and then complains about it on the mailing list
then someone can just tell him to get the key from that webpage and
apt-key add it again. But afaik the key is in one of our packages, so
reinstalling that seems like a better solution. As you said, it's not
worth worrying about.
_______________________________________________
gNewSense-dev mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/gnewsense-dev
