[arch-dev-public] package signoffs
Thomas Bächler
thomas at archlinux.org
Tue Feb 9 08:57:40 EST 2010
Am 09.02.2010 14:34, schrieb Dan McGee:
>> Most importantly, the signoffs are there to verify that neither the
>> package files nor the contained binaries are corrupted. An i686 signoff
>> is still necessary to see that the package installs fine and the
>> binaries actually execute - an x86_64 signoff will tell you that the
>> commands in the PKGBUILD are sane, but not that nothing got corrupted.
>
> Remember that one of the original reasons we went to a "draconian"
> signoff policy was due to an unbootable kernel getting into [core].
I remember the discussion. The problem was that the i686 package got
corrupted during upload.
> We
> haven't had that happen again so something worked here. When you look
> at it that way, a signoff from another person is essential to prove
> that it didn't break badly. No noise for a week however does make it
> pretty likely that nothing broke.
... or that nobody tried it (as probably nobody tried testing/openvpn,
one of the core packages that barely any developer uses).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20100209/590b5af9/attachment.bin>
More information about the arch-dev-public
mailing list