Re: RFS: trophy (Adopted and updated package)
On Mon, Jul 4, 2011 at 11:27 AM, Kilian Krause <email@example.com> wrote:
> That exactly was my idea too. To ship a source that is known and can be
> predicted regarding changes. If a security upload would be required but
> autoconf generates a broken configure due to some circumstances that
> couldn't be predicted at time the package was uploaded to unstable this
> is bad and will cause more time to be spent than what would actually be
> required for *only* fixing the bug.
Which is why we should rebuild from source as often as possible to
catch those issues.
> In other words I did say: generate whatever dh-autoconf would get you
> dynamically, test it, put it together as a patch and ship that patch
> statically for everyone to read what exactly the change is instead of
> hushing it up inside a large set of deep magic (that in my experience
> may or may not work based on "random" circumstances - depending on the
> upstream sources).
That sounds like something that goes against the spirit of our social
contract, specifically "We will not hide problems". By shipping a
pre-built build system you are papering over any autotools bugs; those
should be known and fixed instead.