Re: Uploading to buster-backports NEW as source-only

To: Thomas Goirand <zigo@debian.org>
Cc: debian-backports@lists.debian.org
Subject: Re: Uploading to buster-backports NEW as source-only
From: Thorsten Glaser <t.glaser@tarent.de>
Date: Mon, 3 May 2021 18:54:48 +0200 (CEST)
Message-id: <[🔎] 11ea97f-986d-df51-c22-46f7d0917230@tarent.de>
In-reply-to: <[🔎] 69d71f2f-2707-b2ac-177c-4f0cf8627444@debian.org>
References: <[🔎] 69d71f2f-2707-b2ac-177c-4f0cf8627444@debian.org>

On Mon, 3 May 2021, Thomas Goirand wrote:

> It looks like the rules for NEW in buster-backports are the same as for
> unstable, that is, one cannot upload to NEW as source-only.
> 
> Is this on purpose? It doesn't feel like it's a sensible thing to do...

Maybe, maybe not, but…

> <troll>
> The FTP masters may reply that they need to check for the package, but
> then if I upload a s390x binary, will that help? :) My guess is that
> s390x will also work, but they will be useless for checking, no? :)
> </troll>

… you’re mixing backports and the main archive here so let me elaborate
on the main archive position (AIUI) first a bit:

The ftpmasters have control over what goes into Debian. Normally, they
would check every upload, but since that isn’t feasible due to manpower,
only NEW and binary-NEW uploads are checked, as a gesture of nicety and
trust into individual uploaders.

Paragraph break. Digest the above first, it’s eye-opening.

Now, while they don’t run the actual binaries or ensure they’re built
from the corresponding source (buildds and reproducible-builds are meant
to validate that), uploading the binary packages is still necessary for
a number of checks. Updating the package lists (though ISTR the .dsc
nowadays contains enough information for that maybe?) and override files,
but, more importantly, running lintian on it to catch severe issues…
files in /opt for example. These things you won’t see in the source, and
if ftpmasters had to build each package themselves first you’d never see
any progress in NEW processing. You can’t just let the buildds do that
either because a package to be built by them has to be DFSG-free first.

As for backports, there used to be “if you built it yourself you’re more
likely to have tested it yourself beforehand”, not sure how much of that
still applies. It also is an easy REJECT if the package wasn’t built in
the correct chroot… in theory, anyway.

I’m not sure (yet) how much of backports NEW processing logic depends on
having a set of binary packages available; somehow I can see the idea of
“it’s basically a diff against the version in testing”. We’ll see… maybe.

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.	-- Rob Pike in "Notes on Programming in C"

Reply to:

References:
- Uploading to buster-backports NEW as source-only
  - From: Thomas Goirand <zigo@debian.org>

Prev by Date: Uploading to buster-backports NEW as source-only
Next by Date: nsd_4.3.5-1~bpo10+1_amd64.changes REJECTED
Previous by thread: Uploading to buster-backports NEW as source-only
Next by thread: nsd_4.3.5-1~bpo10+1_amd64.changes REJECTED
Index(es):
- Date
- Thread