Magnus Hagander [2013-02-19 16:40 +0100]:
> Unfortunately, it will take quite a while to propagate, no?
Yes, but it took a long time to set up apt.p.o, and the PPA won't
disappear anytime soon anyway. This is also something which we can
backport to 12.04 LTS, and 10.04 LTS' lifetime isn't that long any
more anyway. For Debian, there's a good chance we can get it into the
next release (wheezy); it's in deep freeze, but that's a low-risk
change.
> What we were considering was using a curl | sudo bash basically. It
> will then be signed by our main SSL certificate, so that should be
> almost as trustworthy as a package signature (ours would be
> exploitable by somebody tricking a public CA into giving them a cert
> for www.postgresql.org)
That seems fine indeed. There's nothing wrong with having more than
one way -- if you have the local script, use that, otherwise use above
approach?
Thanks,
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
