Re: dpkg_1.16.1.1~bpo60+1_i386.changes REJECTED

   hi, intrigeri!

* intrigeri <intrigeri+debian@boum.org> [2011-11-02 22:25:44 CET]:
> Raphael Hertzog wrote (02 Nov 2011 15:32:39 GMT) :
> > Well, I prepared this upload to make it easier to prepare other backports.
> [...]
> > Given that debhelper depends on dpkg-dev >= 1.16.1 and that many packages
> > already start using debhelper compat level 9 in order to support hardening
> > build flags, I think it's important to have the latest dpkg-dev available.
> FWIW, I asked Raphaël a few days ago about his timing for this
> backport (that was announced on -devel [1]) for this very reason:

 It's quite an interesting move to announce such a thing without
contacting the people running the service beforehand to discuss issues.

> this version of dpkg not being available in the backports repository
> is the only reason that blocks me from replacing hardening-wrapper
> with the new dpkg-based hardening build flags in packages I maintain.

 Right, though: dpkg is more than just dpkg-dev and a build tool. It's
the core central package tool and thus extreme care has to be taken in
this respect.

> I wholeheartedly understand, and support, Gerfried's concerns about
> not making the backports troublesome. I feel Raphael explained why
> this specific backport should not bring trouble.

 Rather the contrary: Raphaël claims that only dpkg-dev would ever be
installed in the build environments when specifically pulled in. That's
not the troublesome part, that's the part that would be the beneficial
one. The troublesome part is that the whole dpkg suite will be made
available to end users, and the side-effects of dpkg itself as central
package tool aren't addressed, at all.

 Also, just to let you know, I was contacted privately by two people
shortly after this mail got to this very list with thanks for raising
the concerns.

 So, to sum it up: I totally understand why a backport of dpkg-dev would
be wanted and makes sense (to some degree, see next paragraph), but the
situation is that dpkg-dev isn't a source package on its own and, given
that it brings dpkg itself into play, is asking for way more
trouble than I would feel comfortable with.

 About "to some degree" (and this is my private opinion, not necessarily
shared by the backports ftpmaster role or other people in that team):
Most packages these days are done within some VCSes. Having a separate
branch in there for the backports seems only natural. Being able to
cherry-pick the commit for such new features and unroll those specific
changes in said backports branch doesn't sound like magic to me.

 Thanks for understanding,
If you feel discouraged, finally take courage, go  |
If you feel helpless, go out and help, go          | Wir sind Helden
If you feel powerless, go out and act, go          | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go         |