This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: glibc tarballs available
Hi Mike,
Thanks for your email! I appreciate the input and interest.
> i dont think we should do this haphazardly ... in other words, someone who is
> "trusted" (like you Carlos) needs to download the source tarballs and verify
> that they match exactly what is in cvs (or one of the snapshots). then you
> can sign the binary and send that to Brett to mirror along side the tarballs.
If someone on the glibc project wishes to be involved with trusted
release tarballs, then I don't see why a site I maintain would be
involved at all. Create tarballs yourself -- which would be easier
than grabbing my tarballs and testing them anyway -- and then put them
on ftp.gnu.org with every other GNU project's releases. That is where
I think they should be anyway!
The reason I have created these tarballs and made them available is
that nobody on the glibc project wishes to do so, and I think it is
valuable to have them available. Anyone who disagrees -- which,
presumably, includes the glibc maintainers -- should ignore their
presence.
(Regarding trust -- If anyone out there IS interested in validating
the tarballs I have created, and provides me with signature files for
them, I'd be happy to put them on the site as Mike suggests. But if
such a person is a glibc maintainer, I really do think that
ftp.gnu.org and its mirrors would be the appropriate place for them.)
> that said, i dont see why people insist on creating snaps themselves. we
> already have perfectly good snaps (that were created with accepted methods)
> being generated and posted weekly.
I may be missing something, but I don't understand this comment. I am
not creating snapshot tarballs; I am creating release tarballs. And
hopefully I've made my reasons for doing so clear.
Warm regards,
bn
--
Brett Neumeier (bneumeier@gmail.com)