On Tue, 23 Mar 2004, Paul Millar wrote:
Hi Dimi,
I guess we have to agree to disagree on this one. I still think that synchronous message-passing in distributed systems is a recipe for disaster (asynchronous is the only way to go). So schedule me a "told you so" email a few months after the winetest.exe goes live ;^)
Noted. :)
OK, so what I'll do is finalise things here and set up a cron job (at 10am localtime) to build winetest.exe and publish the results somewhere. That should be fairly simple.
Thank you, thank you, thank you!
The rest is just a matter of agreeing what to put where and how to register new binaries.
I thought Brian told you already how we're going to do this. Here are the steps again: -- you build a new winetest.exe -- zip it into a file named winetest-<YYYYMMDDhhmm>.zip, where <YYYYMMDDhhmm> is our BUILD_ID we've discussed about in the past -- store this file on the server, and say that the URL to it will be: http://theserver/path/winetest-<YYYYMMDDhhmm>.zip -- store the MD5SUM key that you've computed into a sister file with the name winetest-<YYYYMMDDhhmm>.zip.cookie. It's URL will be: http://theserver/path/winetest-<YYYYMMDDhhmm>.zip.cookie -- send the following request (using lynx): http://test.winehq.org/service?publish=winetest&url=http://theserver/pat...<YYYYMMDDhhmm>.zip -- expect an 'OK' back as a response
Still to be decided: A. The winetest.exe that we'll store in the .zip we'll keep under this name, or we'll rename it to winetest-<YYYYMMDDhhmm>.exe? IIRC my chat with Chris, we should keep it as winetest.exe B. I guess that the GPG signature will do into the .zip file as an ASCII file. How do we name that? I would prefer something like 'winetest-<YYYYMMDDhhmm>.asc' or somesuch. C. You need to tell us _exactly_ what the 'http://theserver/path/' is going to be. We need to store that on the WineHQ end to protect against others doing nasty stuff with our distribution system. :)
I'm GPG-signing all the binaries, as this is trivial for me to do and should help improve security a bit. The auto-signing key doesn't have a pass-phrase (so its only as good as the integrity of the machine), but that's true for auto-built binaries anyway. I'll sign the auto-signing key with my own key (available from my web site) and publicly announce it soon.
I'm no GPG expert, but does that sound OK?
Sounds good. Having it signed is a good idea, and you can go ahead and implement it. It may take us a bit longer to actually check the signature, but that's a different matter.
Just as an aside, when do people in the US change their clocks? Everyone in the EU is changing to DLS-time (BST in the UK) this Sunday.
Does it matter? Is UTC dependant on the daylight savings time?