Maintainers doing it for themselves
Robert Collins
robert.collins@syncretize.net
Wed Jul 10 15:24:00 GMT 2002
Chris,
Here's a simplistic idea, lifted from debian.
Each maintainer provides you with a gpg (it's in the distro now :})
public key.
You provide an anonymous upload only ftp site.
To provide a package, a maintainer uploads a minimum of three files:
A metadata file (say, packagename.hint)
The package (foobar.bz2)
A gpg signature file for the package and metadata.
The metadata includes the path (within the mirror tree) for the file to
go to.
If the signature doesn't checkout on your 'net release' keyring, then
it's not a maintainer uploading.
A cron job could scan for new files every <x> minutes.
Rob
More information about the Cygwin-apps
mailing list