This is an overview of what would be required: https://wiki.debian.org/SettingUpSignedAptRepositoryWithReprepro The key bit, I think, is that "in general, you should run [gpg --gen-key] on the computer hosting the apt repository, as the user that will sign the packages". If I understand that correctly, then either a single individual with control over their own server would end up volunteering to be the long-term maintainer of the deb packages (which was the situation with Sebastian), or a generic user on a TEI server (presumably the "tei" user on tei-c.org) would do it, so that the update/release duties could be passed from person to person over time. That's why we wanted to build/release on tei-c. If anyone remembers differently, please correct me. Cheers, Martin On 2016-11-28 09:53 AM, Lou Burnard wrote:
[apologies for the preceding aborted message]
Thanks for the quick response Martin.
It doesn't seem to me that "backburnering" is a very desirable state of affairs. At the very least http://tei.oucs.ox.ac.uk/teideb/ needs to be updated with a warning if it is not currently serving up current versions of the packages.
If Stefan was fingered as DPM, he will need replacing THIS MONTH, as he is no longer active on Council.
I don't see what the possibility or otherwise of building on tei-c.org has to do with it. We don't worry about that when building other TEI products: they get built where they get built. The issue here is where they are going to be served from. You don't need saxon to run a debian repo sfaik ! Someone suggested we could set up a PPA (whatever that is) on github quite easily, if I recall aright.
Or we should just say, sorry we don't do that anymore and stand by for some bad vibes.
On 28/11/16 17:38, Martin Holmes wrote:
As far as I recall, this is the situation:
The debs were always released by Sebastian, and signed with his personal key. IIRC James now has access to that key and could conceivably sign packages, but I think everyone agreed that would be a bad idea.
Therefore there was a plan for someone else to take over signing and releasing the packages, and Stefan was looking into this the last time I heard anything about it.
This was also partly tied up with the question of whether we should build things on tei-c.org, and that issue is tangled up with the problem of the version of Saxon on tei-c being too old for building purposes, but required IIRC for the existing CMS system; so the discussion may have been back-burnered pending the replacement of the CMS with something more modern.
Cheers, Martin
On 2016-11-28 09:33 AM, Lou Burnard wrote:
About a year ago, Martin H did a Community Consultation thing about whether or not we should continue to distribute debian packaged versions of at least some parts of the TEI product line.
The response was yes we should. (I simplify). But I can't find any evidence of what happened thereafter. Step 15 of TCW22 suggests we are probably still building packages as part of the release but I don't believe they are necessarily getting put anywhere people can get at them.
(Step 15 reads "Inform the Debian Package Maintainer of the new release Note: This step may change as we review Debian Package Creation The Debian repository can only be updated by its maintainers, so let the Debian Package Maintainer know that your release is done, so they can grab the new packages and add them to the repository. ")
I don't know who the DPM is, nor what state we are in as regards reviewing DPC.
So who is the DPM? The notes at http://tei.oucs.ox.ac.uk/teideb/ though very precise and helpful surely need some updating.