Win32 packages released on sourceforge

Dimitrie O. Paun dimi at intelliware.ca
Tue Mar 23 13:14:27 CST 2004 

On Tue, 23 Mar 2004, Paul Millar wrote:

> Hi Dimi,
> 
> I guess we have to agree to disagree on this one.  I still think that
> synchronous message-passing in distributed systems is a recipe for
> disaster (asynchronous is the only way to go).  So schedule me a "told you
> so" email a few months after the winetest.exe goes live ;^)

Noted. :)

> OK, so what I'll do is finalise things here and set up a cron job (at 10am
> localtime) to build winetest.exe and publish the results somewhere.  That
> should be fairly simple.

Thank you, thank you, thank you!

> The rest is just a matter of agreeing what to
> put where and how to register new binaries.

I thought Brian told you already how we're going to do this.
Here are the steps again:
  -- you build a new winetest.exe
  -- zip it into a file named winetest-<YYYYMMDDhhmm>.zip,
     where <YYYYMMDDhhmm> is our BUILD_ID we've discussed about in the past
  -- store this file on the server, and say that the URL to it will be:
	http://theserver/path/winetest-<YYYYMMDDhhmm>.zip
  -- store the MD5SUM key that you've computed into a sister file
     with the name winetest-<YYYYMMDDhhmm>.zip.cookie. It's URL will be:
	http://theserver/path/winetest-<YYYYMMDDhhmm>.zip.cookie
  -- send the following request (using lynx):
	http://test.winehq.org/service?publish=winetest&url=http://theserver/path/winetest-<YYYYMMDDhhmm>.zip
  -- expect an 'OK' back as a response

Still to be decided:
  A. The winetest.exe that we'll store in the .zip we'll keep under
     this name, or we'll rename it to winetest-<YYYYMMDDhhmm>.exe?
     IIRC my chat with Chris, we should keep it as winetest.exe
  B. I guess that the GPG signature will do into the .zip file
     as an ASCII file. How do we name that? I would prefer something
     like 'winetest-<YYYYMMDDhhmm>.asc' or somesuch.
  C. You need to tell us _exactly_ what the 'http://theserver/path/'
     is going to be. We need to store that on the WineHQ end to
     protect against others doing nasty stuff with our distribution 
     system. :)

> I'm GPG-signing all the binaries, as this is trivial for me to do and
> should help improve security a bit.  The auto-signing key doesn't have a
> pass-phrase (so its only as good as the integrity of the machine), but
> that's true for auto-built binaries anyway.  I'll sign the auto-signing
> key with my own key (available from my web site) and publicly announce it
> soon.
> 
> I'm no GPG expert, but does that sound OK?

Sounds good. Having it signed is a good idea, and you can go ahead and
implement it. It may take us a bit longer to actually check the signature,
but that's a different matter.

> Just as an aside, when do people in the US change their clocks?  Everyone
> in the EU is changing to DLS-time (BST in the UK) this Sunday.

Does it matter? Is UTC dependant on the daylight savings time?

-- 
Dimi.

More information about the wine-devel mailing list