From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: Re: Torrenting GuixSD!
Date: Wed, 25 Feb 2015 10:32:50 -0500
Message-ID: <87oaoidn19.fsf@netris.org>
References: <54DE3317.7090002@riseup.net> <87vbj5e83e.fsf@fsf.org>
	<20150213205028.3f7cb9ba@PocketWee> <87wq382w45.fsf@gnu.org>
	<20150223205440.GA25828@debian> <87vbiqw0o4.fsf@gnu.org>
	<20150225141215.GA5109@debian.math.u-bordeaux1.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41468)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1YQdx4-0003Nz-El
	for guix-devel@gnu.org; Wed, 25 Feb 2015 10:32:46 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1YQdx0-0003Ym-E5
	for guix-devel@gnu.org; Wed, 25 Feb 2015 10:32:42 -0500
In-Reply-To: <20150225141215.GA5109@debian.math.u-bordeaux1.fr> (Andreas
	Enge's message of "Wed, 25 Feb 2015 15:12:15 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org, Polchi <polchi.dabarov@riseup.net>

Andreas Enge <andreas@enge.fr> writes:

> On Wed, Feb 25, 2015 at 03:00:59PM +0100, Ludovic Court=C3=A8s wrote:
>> Andreas Enge <andreas@enge.fr> skribis:
>> > I still think it would be nice to include the signature into the torre=
nt.
>> It=E2=80=99s probably fine to point to the .sig that=E2=80=99s on alpha.=
gnu.org, no?
>
> Well, it is more a question of education than anything: By including the
> signature, downloaders are directly pointed to it. Of course, it can also
> be downloaded separately, but this is an additional step. We should make
> "the right thing" as easy as possible.

If we were to extend this argument to non-torrent downloads, then all
of our downloads (source tarballs and images) should be tar files
containing a signature bundled with the thing being signed.  mit-krb5
follows this policy with their source tarballs.  I suppose there can be
no arguments on matters of taste, but personally I don't like it.

I have some experience with torrents, and I tend to find it annoying
when downloads that would naturally be a single file are bundled into a
directory with other stuff.  For one thing, it means that I can't
organize my files as I prefer without keeping the directory name and
structure that the torrent creator chose, at least not if I want to
facilitate later seeding.

My preference would be to keep things as they are now.  IMO, it would be
better to educate people on how to download and check the detached
signature in our installation instructions.  That's a lesson that can be
used for almost every software package that is signed upstream, which
would be far more useful than educating them on some non-standard
signature distribution method that hardly anyone uses.

    Regards,
      Mark