On Fri, Jan 10, 2003 at 03:11:34PM -0200, Pablo Lorenzzoni wrote: > | I think any tool that allows users to install software directly from > | upstream without that software first being vetted by a maintainer should > | be kept as far away from Debian as possible. The QA process in Debian is > | already much weaker than I wish it would be; I don't see any reason why > | we should *endorse* a tool that bypasses all QA in this manner. > I understand your concearn, but we already "allow" rpm packages to be > installed w/o any QA. I don't see any reason why we should't do the same with > a Ports-like system. Ever tried it? The Debian 'rpm' package does not let you install rpms on your system without a fair amount of hand-adjustment. This is quite intentional. > As I said before: **I am not trying to replace dpkg/apt** These are our > standard and I think they should go on being our standard. These are the > packages that should pass through our QA team. > Everything should remain as it is (with improvements where needed, of course, > but mainly as it is). This Ports-like tool is just another package, as rpm > is. But you proposed apt-gar, which would bless this with the 'apt' name; and you proposed a system where source code is pulled directly from upstream sources without review by maintainers, which as I said I didn't think even the ports systems did. There are only two ways such a system can work: it can either interface with the Debian packaging system, or it can ignore that system. If it interfaces with it, who writes the maintainer scripts? Who checks for policy compliance? Debian has the good fortune that most .debs -- even those *not* in the archive -- are largely policy-compliant: unlike rpms. This would certainly change with autogenerated packages. If it doesn't interface with the packaging system, how do you prevent it from overwriting files installed by an already-installed package? I don't object to a ports-like system for Debian; I object to the idea of pulling anything directly from upstream and installing it on a Debian machine using Debian-provided tools. > Come on... is it really that a big deal? It's just some way for > advanced users to generate .deb packages from upstream tarballs. Maybe > even we, developers, could have some use for it, after all... I don't think advanced users are the ones most likely to use such a tool. -- Steve Langasek postmodern programmer
Attachment:
pgpM7D5DpRgT5.pgp
Description: PGP signature