This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: glibc tarballs available

From: Mike Frysinger <vapier at gentoo dot org>
To: "Brett Neumeier" <bneumeier at gmail dot com>
Cc: libc-alpha at sourceware dot org
Date: Thu, 20 Nov 2008 11:27:25 -0500
Subject: Re: glibc tarballs available
References: <5f668d330811190704m58f79292s15441adfea2a6fc1@mail.gmail.com> <200811191930.10952.vapier@gentoo.org> <5f668d330811191736k18306854iffac291e0e506a8@mail.gmail.com>

On Wednesday 19 November 2008 20:36:57 Brett Neumeier wrote:
> > i dont think we should do this haphazardly ... in other words, someone
> > who is "trusted" (like you Carlos) needs to download the source tarballs
> > and verify that they match exactly what is in cvs (or one of the
> > snapshots).  then you can sign the binary and send that to Brett to
> > mirror along side the tarballs.
>
> If someone on the glibc project wishes to be involved with trusted
> release tarballs, then I don't see why a site I maintain would be
> involved at all. Create tarballs yourself -- which would be easier
> than grabbing my tarballs and testing them anyway -- and then put them
> on ftp.gnu.org with every other GNU project's releases. That is where
> I think they should be anyway!

i'm not part of the glibc project, but if you search the archives you'll see 
that people agree with you.  but that doesnt directly apply to the point here.

> The reason I have created these tarballs and made them available is
> that nobody on the glibc project wishes to do so, and I think it is
> valuable to have them available. Anyone who disagrees -- which,
> presumably, includes the glibc maintainers -- should ignore their
> presence.
>
> (Regarding trust -- If anyone out there IS interested in validating
> the tarballs I have created, and provides me with signature files for
> them, I'd be happy to put them on the site as Mike suggests. But if
> such a person is a glibc maintainer, I really do think that
> ftp.gnu.org and its mirrors would be the appropriate place for them.)

my point was the wiki.  the wiki is "official", so it should not be pointing 
to any location that has not been verified without marking the location as 
such.

> > that said, i dont see why people insist on creating snaps themselves.  we
> > already have perfectly good snaps (that were created with accepted
> > methods) being generated and posted weekly.
>
> I may be missing something, but I don't understand this comment. I am
> not creating snapshot tarballs; I am creating release tarballs. And
> hopefully I've made my reasons for doing so clear.

they're exactly the same thing.  here, i'll go ahead and create a release 
tarball myself:
mv glibc-2.8-20080602.tar.bz2 glibc-2.8.tar.bz2
-mike

Attachment: signature.asc
Description: This is a digitally signed message part.

Follow-Ups:
- Re: glibc tarballs available
  - From: Carlos O'Donell

References:
- glibc tarballs available
  - From: Brett Neumeier
- Re: glibc tarballs available
  - From: Mike Frysinger
- Re: glibc tarballs available
  - From: Brett Neumeier

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]