[pkg-wpa-devel] Fwd: Packaging crda and wireless-regdb
Kel Modderman
kel at otaku42.de
Thu Jan 29 23:34:52 UTC 2009
On Friday 30 January 2009 07:00:32 Luis R. Rodriguez wrote:
> Hey Kel,
>
> I sent an e-mail to debian-devel a few days ago asking for advice on
> getting some packages into Debian [1]. They recommended I contact the
> wpasupplicant maintainer which I believe is you. I'd like to help get
> two packages into debian, crda and wireless-regd.

Hi Luis,

I had seen the original mail to the debian-devel mailing list already but have been
unable to make a meaningful response to it this week. So this is a very very
quick brainstorm:

* Tim Gardner announced his intention to package this stuff up for Ubuntu on the
  linux wireless mailing list iirc. Usually Ubuntu people co-operate with Debian
  people to lessen their future workload (by getting the package into Debian
  somehow). I wonder what the status of the Ubuntu work is, if they have the
  intention to co-operate with Debian people, and if duplication of effort
  could be avoided?

* wireless-regdb ... I don't really know how I can explain my thoughts clearly
  here ... just correct any wrong assumptions I make.

  The release tarball contains a precompiled binary (regulatory.bin), and the
  build system defaults to simply installing this binary with the usual
  "make && make install". I think this default is not in agreement with the
  Debian Free Software Guidelines; a prospective Debian wireless-regdb package
  should be building regulatory.bin from its source files (which are the
  preferred point of modification).

  If regulatory.bin is built from its source in a Debian package, I am not sure
  how this openssl rsa digital signature snakeoil fits into the equation. Its
  purpose is to "ensure regulatory.bin file authorship and integrity", but in
  Debian this extra file trust/integrity check seems redundant as apt already
  must be configured to grab stuff from a trusted source (via gpg), only
  trusted people can upload software which gets built and distributed to users
  via apt, file integrity can be verified via debsums etc etc ... Obviously
  John Linville cannot log on to each Debian package build daemon and sign it
  after it has been built either :)

  Why is it important that regulatory.bin contains an rsa signature on a Debian
  system which already goes to great lengths to ensure file ownership and
  integrity? What significance is it if the database is unsigned or signed by
  someone != John Linville?

* This pkg-wpa team doesn't have many other frequently active maintainers.
  I think crda + wireless-regdb will present some challenges in the future
  which will require more than I could offer by myself (especially in regard
  to responding quickly and meaningfully to bug reports sent to BTS).
  The pkg-wpa-devel group is intended to be shared by people with an interest
  in Debian and/or Ubuntu too, btw.

Thanks, Kel.