
Re: Transition to gnat-4.6



Stephen Leake wrote:
This means that under the current rules Debian Maintainers cannot
maintain libraries, only applications. Is that limitation deliberate? I
don't recall seeing it mentioned anywhere.

I wouldn't go so far as to say Debian Maintainers cannot maintain
libraries; only that they require a sponsor for every binary package name
change, which normally includes soversion changes.  With Ada, this
requirement additionally applies to aliversion changes. Maybe the Debian
Policy for Ada should make that more explicit.  I certainly knew about,
and accepted, this limitation all along, and yes, it is deliberate. I'm
pretty sure the soversion change case was considered when the Debian
Maintainer status was created.

The reasons why I accepted the requirement for me to sponsor every
aliversion and soversion change were:
- I did not anticipate the number of DMs and packages to increase this
  fast :)
- I was hoping, and am still hoping, for my best Padawans to grow into
  full Debian Developers; I have said so explicitly a few times :)
- The uploads DMs made without my sponsoring (i.e. after initial upload
  and binary package name changes) have been very helpful in the past and
  have made it possible to increase the number of Ada packages in Debian
  without increasing my workload too much.

Any maintainer can make his package Build-Depend on gnat, or imitate a
shared library to fake whatever automatic test I can imagine.

I think you are implying that Bad Things Can Happen if this rule is
accepted; can you be more explicit?

For example, how would a malicious DM get malicious code uploaded by
this rule, that they can't do now?

I think the danger that DM status prevents is that a malicious DM
hijacks a package that they don't own.  There are strict rules for
non-maintainer uploads; DMs simply cannot do NMUs. I think your proposed
rule would make it much easier for a DM to hijack a package without a
formal NMU, e.g. by renaming one of their binary packages to a package
that already exists.

--
Ludovic Brenta.

