LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Safeguarding GNOME.org with an upload lockdown

Safeguarding GNOME.org with an upload lockdown

Posted Nov 19, 2011 9:50 UTC (Sat) by liw (subscriber, #6379)
Parent article: Safeguarding GNOME.org with an upload lockdown

I wonder... GNOME developers have git commit access. Would it not make more sense to abandon the notion of having the developers generate the tarballs, and have a gnome.org server create them instead, directly from git?

(Log in to post comments)

Safeguarding GNOME.org with an upload lockdown

Posted Nov 24, 2011 12:41 UTC (Thu) by ovitters (subscriber, #27950) [Link]

That is something I'd like to see, but not that easy as:
- tarball is more than just a tag from git
- ./autogen.sh and make dist have various dependencies; these aren't static
- we do this on a server, don't want to touch it
- sometimes make dist even creates a ChangeLog from git, etc

So though I'd like to see this, it is rather difficult. For short term security again it is easier to focus on something I can achieve.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds