Re: [pgsql-pkg-debian] Re: We should not transition to apt.postgresql.org until we have a PPA

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Martin Pitt <mpitt(at)debian(dot)org>
Cc: Greg Smith <greg(at)2ndquadrant(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Christoph Berg <myon(at)debian(dot)org>, Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org>, PostgreSQL in Debian <pgsql-pkg-debian(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: [pgsql-pkg-debian] Re: We should not transition to apt.postgresql.org until we have a PPA
Date: 2013-02-19 15:40:40
Message-ID: CABUevEzGrQ=0J8dw1fj=k-cVkzbgfnNOkwYTk_BK-zLu8P+wBA@mail.gmail.com
Lists: pgsql-pkg-debian pgsql-www

On Tue, Feb 19, 2013 at 4:36 PM, Martin Pitt <mpitt(at)debian(dot)org> wrote:
> Magnus Hagander [2013-02-19 16:22 +0100]:
>> > The instructions at http://www.postgresql.org/download/linux/debian/ are a
>> > bit much right now, so some automation toward reducing them would be useful.
>
>> Yes. This is why we have multiple debian packaging experts in the
>> project. And also people who know some things about debian packages
>> and some things about usual customers, to bridge the gap ;)
>
> I think I can claim to have a sufficient understanding of how Debian
> and Ubuntu archives and packaging work to offer to write such a
> script. :-)

Most definitely.

(BTW, this proves which debian packager wasn't in the IRC channel at
the time :P)

>> Just to keep people informed, the current plan which is the latest
>> conclusion in the IRC discussion amongst the packagers is:
>>
>> * Change the package pinning to be less conservative, and more with
>> what most people want. That will remove one step from the installation
>> instructions. Obviously this needs some lead time, but shouldn't be
>> too much.
>
> I'm very much in favor of this.
>
>> * Create an automated script that will set the repository up for
>> people. This can either be downloaded and run, or it can be downloaded
>> as a signed https download and piped directly to the shell for those
>> daring people who trust postgresql.org.
>
> My current idea is to ship both the GPG key and the script in the
> Debian/Ubuntu postgresql-common package. This closes the
> authentication loophole in the sense that you can trust to get the
> real postgresql archive if you trust that you have the real Debian
> archive, and it doesn't need scary "wget | sudo bash" hacks.

Unfortunately, it will take quite a while to propagate, no?

What we were considering was using a curl | sudo bash basically. It
will then be signed by our main SSL certificate, so that should be
almost as trustworthy as a package signature (ours would be
exploitable by somebody tricking a public CA into giving them a cert
for www.postgresql.org)

> So in theory this script could also set up the apt pinning, but I'd
> rather not, because (1) doing that automatically would be beside the
> point of having the pinning requirement in the first place, and (2)
> automatically doing this can potentially break an already existing
> (unrelated) apt pin configuration in "interesting" ways.

Yeah, +1.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
