On Sat, 2009-02-14 at 12:57 -0500, Rob Stampfli wrote:
> What is the official position of the Pidgin team wrt Ubuntu in
> such situations? Compile your own copy?

I don't want to speak "for the team" just yet, but I'm going to do what I hope can be considered official or semi-official Ubuntu packages here:

https://launchpad.net/~pidgin-developers/+archive/ppa

For those of you not familiar with Launchpad PPAs, the idea is that Launchpad is providing servers to build the packages and host the downloads.

I have been waiting to publicize this (and keep the packages up-to-date) until GPG-signed PPAs went live. That has now happened*, so I just need to rebuild with the latest version of Pidgin. If we're going to release a 2.5.5 soon, I'll wait until then and cut a package for every supported version of Ubuntu at the PPA.

For the developers: I'd like to make the "download" link at pidgin.im go to the PPA for people with Ubuntu in their user-agent string. How do you feel about this, as opposed to serving them a tarball?

Richard

* From a security standpoint, the GPG signature on the package list file is issued by the build servers, not (for example) me. So, you're trusting 0) Pidgin developers, 1) Launchpad's access control to ensure that only authorized Pidgin developers can upload packages to our PPA, and 2) Launchpad's servers to not get owned and serve you (signed) evil substitute packages. #1 is really the only difference between this and the official Ubuntu packages, assuming the same guys (at Canonical, I'd bet) run the official Ubuntu mirrors and the Launchpad servers. That's probably the case, but I don't know for sure.

_______________________________________________ Support mailing list [email protected] http://pidgin.im/cgi-bin/mailman/listinfo/support
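
The trust chain from the footnote, as an added example that is not part of the original message or of Pidgin's or Launchpad's code: in an apt repository the signed file is the Release file, which pins the Packages list by hash, and the Packages list in turn pins each .deb. The sketch assumes the signature on the Release file has already been checked (for example with gpgv); every file name, version and byte string in it is constructed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release: str) -> dict:
    """Map index path -> (sha256, size) from the SHA256: section of a Release file."""
    out, in_section = {}, False
    for line in release.splitlines():
        if line.startswith(" ") and in_section:
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        else:
            in_section = line.strip() == "SHA256:"
    return out

def package_stanzas(packages: str) -> dict:
    """Map Filename -> stanza fields from a Packages index."""
    out = {}
    for block in packages.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        out[fields["Filename"]] = fields
    return out

def verify(release: str, index_path: str, packages: bytes, filename: str, deb: bytes) -> bool:
    """True only if Release pins this Packages index and the index pins this .deb."""
    want = release_hashes(release).get(index_path)
    if want is None or want != (sha256(packages), len(packages)):
        return False
    entry = package_stanzas(packages.decode()).get(filename)
    return (entry is not None and entry["SHA256"] == sha256(deb)
            and int(entry["Size"]) == len(deb))

# Constructed sample data (not real Pidgin packages or hashes).
DEB = b"constructed stand-in for a .deb archive"
FILENAME = "pool/main/p/pidgin/pidgin_0.0-example_i386.deb"
PACKAGES = (f"Package: pidgin\nVersion: 0.0-example\nFilename: {FILENAME}\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
INDEX = "main/binary-i386/Packages"
RELEASE = (f"Origin: example\nSuite: example\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX}\n")

if __name__ == "__main__":
    print(verify(RELEASE, INDEX, PACKAGES, FILENAME, DEB))          # genuine package
    print(verify(RELEASE, INDEX, PACKAGES, FILENAME, DEB + b"!"))   # substituted .deb
```

The chain accepts whatever the holder of the signing key put in the Release file, which is why the footnote lists the build servers themselves among the things being trusted.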
