Ceph

Either set up a gitbuilder, or build the packages manually and put in a repo, or just use the dho packages+repo (built manually).

Ok, I just rsynced the dho packages (manually built) over to the gitbuilder url. At the very least, need to document where the package sources are so they can be adjusted later.

Pretty sure i built this on pudgy, whose disk has just died.

I'd apt-get source these and verify we can rebuild these packages, and then call this done. Sometime soon we will need to build a fastcgi package without the patch in there that dumps the full environment for every request... let's make sure we can do that easily.

So I've built the packages from the git repo versions (not source, but binary) and they install on my
precise desktop without security complaint. I haven't yet located anything that can actually validate the signature and print a response; dpkg-sig is just silent about the package or the .changes file.
Maybe I could uninstall the Ceph key and try installing?...really unclear that the signature
is effective. I do see the PGP marks in .changes. ???

Iiuc its apt and not dpkg that checks sigs. Creating and signing a repo and pointing apt at it is enough to generate the warnings. It sounds like its all set tho... let's double check tomorrow and then close this out!