Date: Thu, 2 Jan 2020 22:28:39 +0200
From: Timo Teras
To: "Drew DeVault"
Cc: "Rasmus Thomsen", "Kevin Daudt", <~alpine/devel@lists.alpinelinux.org>
Subject: Re: new package format and repository layout changes

On Mon, 30 Dec 2019 13:00:34 -0500
"Drew DeVault" wrote:

> I'm not sure where in the thread this was originally mentioned, but -1
> to signing the repository name - i.e. main, community, edge, etc.
>
> The source of the package is unimportant if its content can be
> verified with the signature. The ability to freely move signed
> packages between repos without re-signing them is desirable to me.
> Note as well that we do not sign the name of the mirror the package
> came from, despite arguably qualifying as some kind of metadata about
> the package.

The mirror is irrelevant for signing from my point of view. But I'd
rather not allow moving an alpine edge main to stable main without
rebuild (or at least resigning). So that's a different thing.

Though, I understand there might be need to move packages like this
in certain scenarios. Is this just for the purpose of redistributing the
packages in a new partial mirror, or alternate branding?

I would be interested to hear more about the use case to learn if we
could introduce a new feature to suit this requirement.

Timo