snapshot.debian.org implications for you

To: debian-devel-announce@lists.debian.org
Subject: snapshot.debian.org implications for you
From: Peter Palfrader <weasel@debian.org>
Date: Tue, 11 May 2010 09:26:25 +0200
Message-id: <[🔎] 20100511072625.GA20447@intrepid.palfrader.org>
Mail-followup-to: debian-snapshot@lists.debian.org

Hi,

now that snapshot.debian.org went online Debian keeps a copy
of all packages (sources + binaries) and accompanying metadata
that get uploaded into any of our archives.

If you missed the announcement last month you can find it online
at [1].


Short version:
--------------

If you uploaded stuff to debian that is not redistributable you
will have to let the snapshot people know to remove it.


Not so brief version:
---------------------

In the past, if one uploaded software and it turned out that it was not
redistributable in parts a new upload to unstable usually fixed that
without anybody else having to get involved.  If Debian could not
redistribute the software at all, a simple bug against ftp.debian.org
caused it to be removed by ftp-master.

The public nature of snapshot.debian.org means that simply uploading a
new, fixed version of the package is no longer good enough to put us
back into compliance.  We need to also remove the software from
snapshot.

Therefore if you uploaded something that is not redistributable please
file a bug against the snapshot.debian.org pseudo-package asking for
removal:

o Ideally this bug would only be filed once the offending data is no
  longer on ftp.d.o (or volatile or security or ...) but as long
  as no *new* unredistributable files get added this is not strictly
  necessary (we can handle "bad" files that come back).
o Removal requests should usually be done by source package.  At least
  we have scripts that deal with those kind of requests reasonably well.
  If it's not as simple as that we'll of course manage, just elaborate
  in the bug report.
o If not all versions of a package are affected please say so.  Then we
  can get rid of only parts and need not delete more than necessary.
o Please specify if is enough to just remove the binaries, or if we need
  to also remove all the sources.  (Some licenses may allow source
  redistribution but prohibit distribution of binaries, built from
  modified source.)
o If ftp-master needs to remove the package too it might make sense to
  have the snapshot bug block on the ftp bug, or to file only one bug
  and ask ftp-master to reassign to snapshot once they have dealt with
  the issue.

Of course this applies to not only packages that you uploaded but to
anything that snapshot is redistributing when we shouldn't.  I am
currently not aware of anything in that class but if you are please
speak up.

The current log of removals is available at [2].

Cheers,
weasel

1. http://www.debian.org/News/2010/20100412
2. http://snapshot-master.debian.org/removal/

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bits from the NM process: advocacy messages
Next by Date: mipsel buildd status update
Previous by thread: Bits from the NM process: advocacy messages
Next by thread: mipsel buildd status update
Index(es):
- Date
- Thread