Minor Changes to GNOME FTP Proposal



Hey,

I've been fixing up install-module recently, in preparation for some nice
security updates to GNOME's release infrastructure (hopefully up for 2.8),
and have a minor change to propose, as well as a couple of new features.

I'm proposing to shift from individual tar.{gz,bz2}.md5 to a single md5sum
file, containing checksums for every file associated with that release. An
example:

  $ cat metacity-2.6.5.md5sum
  3c9d815ef02c78d22896585380f198c3  metacity-2.6.3-2.6.5.diff.gz
  4fc1765e8d70ed3fd59ff64b4e0520e8  metacity-2.6.5.changes
  9febd197afe75e7d13138cec0b9dedb9  metacity-2.6.5.news
  2530cca3818a6c25caa2f2aa135cfd62  metacity-2.6.5.tar.bz2
  92046dd67e12508fc9ad6577a5d04d88  metacity-2.6.5.tar.gz

Those paying attention will have noticed the *.changes and *.news files. ;)

They contain human-readable NEWS and ChangeLog updates, much like the NEWS
section in recent ftp-release-list mails. Lots of people seemed to find them
useful, and since I was already generating them, I thought it might make
sense to put them up on the ftp site. Saves reprocessing them all when doing
aggregate releases. ;-)

Thoughts? Was anyone relying on the .md5 files?

After 2.8 starts, but before GUADEC, I'll be proposing a GPG-signed tarballs
system, combined with an ftp master that a limited number of people have
direct access to. This will dramatically reduce the opportunity for horrible
people to attack our tarball archive. If accepted, we might have to do some
keysigning at GUADEC. Shock, horror! ;-)

- Jeff

-- 
GVADEC 2004: Kristiansand, Norway                    http://2004.guadec.org/
 
     "Ah, now we see the violence inherent in the system." - From Monty
                      Python to ESR, by way of Al Viro
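
A checker for the single-file manifest format proposed above, as an added example that is not part of the original message. It parses md5sum-style lines, refuses entries that carry a path component, and reports each listed file as OK, FAILED or MISSING; the example-1.0.* names and contents are constructed.

```python
import hashlib
import os
import re
import tempfile

# md5sum(1) line: 32 hex digits, a space, ' ' (text) or '*' (binary), then the name.
LINE_RE = re.compile(r"^([0-9a-f]{32}) [ *](.+)$")

def parse_manifest(text):
    """Return {filename: md5hex}; reject malformed lines and names like ../x or /x."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: not an md5sum entry")
        digest, name = m.groups()
        if name != os.path.basename(name) or name in (".", ".."):
            raise ValueError(f"line {n}: path component in {name!r}")
        entries[name] = digest
    return entries

def verify_release(directory, manifest_text):
    """Map each file listed in the manifest to 'OK', 'FAILED' or 'MISSING'."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        h = hashlib.md5()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        results[name] = "OK" if h.hexdigest() == expected else "FAILED"
    return results

def demo():
    """Constructed sample release: one intact file, one altered, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = b"constructed tarball bytes\n", b"constructed news text\n"
        manifest = (f"{hashlib.md5(good).hexdigest()}  example-1.0.tar.gz\n"
                    f"{hashlib.md5(bad).hexdigest()}  example-1.0.news\n"
                    f"{'0' * 32}  example-1.0.changes\n")
        for name, data in (("example-1.0.tar.gz", good), ("example-1.0.news", bad + b"x")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_release(d, manifest)
```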


