Re: Linux Downloads page change
| От | Simon Riggs |
|---|---|
| Тема | Re: Linux Downloads page change |
| Дата | |
| Msg-id | CA+U5nMJK9tqQ8L299nuZw_hrL-4COy1CnWdJAXSrczzNyqfqRg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Linux Downloads page change (Dave Page <dpage@pgadmin.org>) |
| Ответы |
Re: Linux Downloads page change
|
| Список | pgsql-www |
On 9 July 2012 13:05, Dave Page <dpage@pgadmin.org> wrote: > Right - that's more or less what's been discussed and agreed. The > issue with the installers that Magnus raised, is that at present I > manually push the canonical GIT repo to git.postgresql.org, and often > forget to do it until reminded. That was raised in response to my > comment that the OpenSCG build scripts are not currently public at all > as far as I could see, and should be if their work is to be listed on > postgresql.org's primary downloads page. It's not more or less. What you have said is not the same thing as I have requested. If it was done as I suggest, when you forget a step in the process then the process would fail. If you build from the public repo then you simply can't forget. >> Unverifiable binaries are a quality and security risk to the project. > > In theory. In practice it seems unlikely anyone would ever take the > time and energy to build them themselves and actually verify them - > the effort to do so would be huge (for example, assembling the 9.2 > build machine for the installers and building all the necessary > dependencies for all the supported platforms etc. has so far taken a > number of man weeks). To verify the binaries we put out, someone would > have to build an exact mirror of that environment. That's not to say > it shouldn't be possible of course. In fact, it wouldn't even be > possible, as we digitally sign some of the executables to appease > Windows, and we obviously cannot share that certificate. I know multiple users (aside from 2ndQuadrant) that re-build their own binaries as a safety barrier in their release process, so I don't believe the effort level is that high, nor do I believe people won't do it. I take your point that it is maybe only 1% of people, but those are the ones that report all the bugs. The most important thing is that people can see the ingredients before they eat the food. -- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-www по дате отправления: