Re: Using buildds only (was: Results of the meeting...)
On Mon, Aug 22, 2005 at 10:45:58AM +0200, W. Borgert wrote:
> Quoting Sven Luther <firstname.lastname@example.org>:
> > All packages should be built by official debian buildds anyway, not on
> > developper machines with random cruft and unsecure packages installed, or
> > even
> > possibly experimental or home-modified stuff.
> That would be very good, indeed. I am very much in favour of allowing
> only source-only uploads and having all binaries build by the buildds
> only. The argument against it is, that DDs wouldn't check, whether
> the package builds cleanly etc. I think, that this is a poor argument,
> but anyway.
According to stories I've heard from people from Ubuntu (that does it
this way), it quite clearly isn't, because of the pretty high number of
people who upload packages without even testing the build themselves.
> Fortunately, Martin Krafft came up with the idea of
> allowing source-only uploads only together with a signed test protocol.
> The test protocol would have to include the output of lintian, linda,
> and piuparts - warnings allowed, errors not.
That doesn't test buildability.
Additionally, it's very easy to fake, because lintian and linda produce
_no_ output if you don't have warnings or errors...
The amount of time between slipping on the peel and landing on the
pavement is precisely one bananosecond