This is the mail archive of the cygwin-apps@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [RFC] gpg signed packages [Was: unofficial packages]


On Wed, Sep 25, 2002 at 02:36:40PM +0100, Morrison, John wrote:
>I think, if this key thing goes ahead, somebody is going to have to
>come up with a *very* detailed method of getting a key and signing
>things with regards to cygwin stuff.  Making a package for cygwin _is_
>not easy for people who grew up in windows.  I'm sure it's put lot's of
>people off contributing.

Since cygwin is supposed to be a UNIX emulation for Windows, I don't
see how this would be a big deal.  You build a package for cygwin in
pretty much the same manner as you would for linux.  The additional
details are documented but I don't see why they would be particularly
offputting to someone who has a basic understanding of how to do
a configure/make/patch.

You could argue, I suppose, that not everyone knows how to build
packages on linux, either, but that's not exactly relevant to this
issue, IMO.

FWIW, I have, sitting in my sandbox, a script I wrote which allows any
maintainer to upload packages to a directory which they "own".  It's
based on ssh keys, so, theoretically, it should be as secure as ssh.

I've just been waiting for the chance to clean this up and release it.
Ideally, I wanted to add something which took text that would be sent
out as an announcement, too, so it would be an all-in-one tool for
releasing a package.

cgf


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]