Win32 packages released on sourceforge
Dimitrie O. Paun
dimi at intelliware.ca
Tue Mar 23 13:14:27 CST 2004
On Tue, 23 Mar 2004, Paul Millar wrote:
> Hi Dimi,
>
> I guess we have to agree to disagree on this one. I still think that
> synchronous message-passing in distributed systems is a recipe for
> disaster (asynchronous is the only way to go). So schedule me a "told you
> so" email a few months after the winetest.exe goes live ;^)
Noted. :)
> OK, so what I'll do is finalise things here and set up a cron job (at 10am
> localtime) to build winetest.exe and publish the results somewhere. That
> should be fairly simple.
Thank you, thank you, thank you!
> The rest is just a matter of agreeing what to
> put where and how to register new binaries.
I thought Brian told you already how we're going to do this.
Here are the steps again:
-- you build a new winetest.exe
-- zip it into a file named winetest-<YYYYMMDDhhmm>.zip,
where <YYYYMMDDhhmm> is our BUILD_ID we've discussed about in the past
-- store this file on the server, and say that the URL to it will be:
http://theserver/path/winetest-<YYYYMMDDhhmm>.zip
-- store the MD5SUM key that you've computed into a sister file
with the name winetest-<YYYYMMDDhhmm>.zip.cookie. It's URL will be:
http://theserver/path/winetest-<YYYYMMDDhhmm>.zip.cookie
-- send the following request (using lynx):
http://test.winehq.org/service?publish=winetest&url=http://theserver/path/winetest-<YYYYMMDDhhmm>.zip
-- expect an 'OK' back as a response
Still to be decided:
A. The winetest.exe that we'll store in the .zip we'll keep under
this name, or we'll rename it to winetest-<YYYYMMDDhhmm>.exe?
IIRC my chat with Chris, we should keep it as winetest.exe
B. I guess that the GPG signature will do into the .zip file
as an ASCII file. How do we name that? I would prefer something
like 'winetest-<YYYYMMDDhhmm>.asc' or somesuch.
C. You need to tell us _exactly_ what the 'http://theserver/path/'
is going to be. We need to store that on the WineHQ end to
protect against others doing nasty stuff with our distribution
system. :)
> I'm GPG-signing all the binaries, as this is trivial for me to do and
> should help improve security a bit. The auto-signing key doesn't have a
> pass-phrase (so its only as good as the integrity of the machine), but
> that's true for auto-built binaries anyway. I'll sign the auto-signing
> key with my own key (available from my web site) and publicly announce it
> soon.
>
> I'm no GPG expert, but does that sound OK?
Sounds good. Having it signed is a good idea, and you can go ahead and
implement it. It may take us a bit longer to actually check the signature,
but that's a different matter.
> Just as an aside, when do people in the US change their clocks? Everyone
> in the EU is changing to DLS-time (BST in the UK) this Sunday.
Does it matter? Is UTC dependant on the daylight savings time?
--
Dimi.
More information about the wine-devel
mailing list