Towards a transition plan to nonfree.org (was Re: summary of software licenses in non-free)
On Tue, Jan 20, 2004 at 12:19:36PM +1000, Anthony Towns wrote:
> > > Personally, I'm finding it pretty hard to work out what I'd want to
> > > work on should this GR pass -- can I put up with crappy, contrib-style,
> > > third party non-free stuff well enough that I can avoid having to do
> > > a whole lot of boring make work to reimplement various bits of Debian
> > > infrastructure?
> > I don't think you need to reimplement Debian infrastructure in order to
> > duplicate it, just to adjust it. Of course, you're more expert than me
> > to comment on this.
> Re-roll-out? Whatever. You don't have to rewrite it, but you do have
> to get new machines,
Well, let's have a look at this first. Do you really think they'd need
more than one machine? If we assume that nonfree.org will get mirrored,
most of the load should be up to whatever archive maintenance system
will be used, plus the BTS.
For a couple of hundred packages, I'd imagine any recent box should
suffice. Again, your input as owner@debbugs and ftp-master on this
subject would quite valuable. I'll try to get some figures about
download volumes from a mirror admin, too, though, if nobody beats me to
> and set it all up, and maintain it, and patch the systems, and track
> upstream and all that other stuff. There's a lot of effort there, and
> it's pretty boring, and given it's just for non-free stuff, it's
> pretty low value -- certainly compared to doing the same work for the
> main archive.
True. That said, I'd like to stress the point again that neither I nor
anybody else expects the current Debian infrastructure maintainers to
step forward and setup/maintain nonfree.org. But a bit of advice to
whoever might do it would be very welcome I guess.
> > I wouldn't consider
> > outsourcing less than 200 packages (forgot the exact number) a 'fork'.
> > The requirements for infrastructure and maintenance are considerably
> > lower than for a full-blown fork of Debian, IMHO.
> I'm not really convinced. If you're going to have it work as well
> as Debian, you need to have an archive and a bug tracking system and
> probably some mailing lists.
Let's break this down:
1. Mailing Lists
I guess setting up mailing-lists is fairly easy these days, plus I don't
think a lot would be needed.
2. Bug Tracking System
The BTS is a different story. It would be gratis if a gforge-like
service would be used, but I guess gforge is not really suited for this
kind of downstream stuff (haven't talked to the alioth admins about this
yet, though). So the question is: How much work would setting up debbugs
for an independent archive be? I'd say it would be quite a bit of work,
but I think nothing unsurmountable.
3. Package Archive and its Maintenance
> If you're going to have it be centralised, as opposed to lots of
> independent apt sources, you need to have signed uploads, and some way
> of verifying the people who send you keys are who they say they are,
> and, ideally, aren't grossly incompetent. I don't think any of the
> non-Debian apt repositories satisfy these requirements,
I agree that signed uploads are a requirement for this, as is a verfied
developer base. The policy of who will be in the nonfree.org keyring is
of course left to its maintainer, but I guess DDs and perhaps people
which passed the identification test in n-m are alright. One will have
to wait and see whether the nonfree.org developers will be a subset of
the current DDs or will rather be a different set of people mostly.
Furthermore, I believe that dak is overkill for nonfree's size. If
somebody steps forward to set it up and maintain it on nonfree.org, that
would be cool of course, but in the absence of an volunteer, I don't
think it's really required to have katie for that.
Now, one system which provides centralized apt-sources and signed
uploads is currently used for mentors.d.n. I've talked to one of the
maintainers a while ago and he said it should be possible to use that. I
haven't spoken to the main developer yet, though, so I'm not sure about
the availabilty of it (it might be non-free, dunno :)
4. Package Tracking
Oh, and I've talked to Raphael Hertzog about PTS. He said it should be
possible to put the PTS on a non-official Debian archive without too
That's it so far.