[Debian-olpc-devel] Bug#512258: Bug#512258: sugar-web-activity: drop-down input fields (HTML forms) not working
dr at jones.dk
Tue Jan 20 22:51:02 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Jan 20, 2009 at 10:59:18PM +0100, Sascha Silbe wrote:
> On Tue, Jan 20, 2009 at 03:34:11PM +0100, Jonas Smedegaard wrote:
>> Or rephrased: Acknowledged, I do not (yet?) sign my unofficial
>> packages provided at debian.jones.dk.
> OK, I've used them anyway as it's for a testing VM only.
I claim (through this signed email) that I myself compiled all packages
offered at debian.jones.dk in clean (or least-possible-unclean) build
environments. The warning showing in your APT frontend does not indicate
bad packaging quality, only uncertainty of origin: Theoretically someone
could do a man-in-the-middle attack while you fetched my packages and
replace them with something nasty. But that is all signing does. And the
reason I have so far not bothered signing, even if I use those packages
myself in production - for servers and workstations that approx. 1.000
users depend on privately as well as professionally.
Personally I have greater trust in my own backports done this way than
in backports.org, YMMV. :-)
> New VM with lenny + your repository: not reproducible
> New user on lenny + sid machine after updating to latest Sugar from sid:
> still reproducible
> So either some non-Sugar package from sid really slipped in (any way to
> check that?) or there's some difference between the Sugar packages in
> your repository and the ones in sid.
My Lenny packages has been compiled against libraries in Lenny.
Sid packages has been compiled against libraries in Sid.
Mixing "branches" raises risk of incompatibilities. As this clearly
Please test if a pure Sid environment works. If it does, I believe we
should simply close this bug.
 If a package is backported to a more conservative branch, and needs
some library backported too, then the library gets backported in a clean
environment and is then included in an almost-clean environment. If the
build process needs helper tools backported then that is either done
The package URL hints about the branch used, e.g. sugar-toolkit for Etch
on i386 is built in the almost-clean "etch-i32+src" environment at the
build host "auryn":
That "+src" pollution is available too: http://debian.jones.dk/pkg/src/
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Debian-olpc-devel