Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?
Steve McIntyre writes ("Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?"):
> There is a deeper worry about builds that may be done against the
> "weak" background. Although buildd chroots are easily fixed up,
> there's going to be a (small, but unknown) set of maintainers who
> might be uploading binaries from merged systems. I think we're making
> good progress on source-only uploads and building in clean chroots
> etc., but... It's also likely not easy to pick up on "wrong" binary
> packages built this way.
I think this is a valid concern but puts it far too narrowly.
There is a persistent misunderstanding embodied in your comments here
(or rather, embodied in a significant omission): the notion that the
only reason to build a package on a Debian system is for upload to
Debian.
Once I put it like that, this notion is obviously false. What is
happening is that the conversation is focusing on our own needs,
within Debian to help us produce Debian, to the exclusion of the needs
of our users. That is a natural tendency of course, but we must
resist it.
Back in the wider world, of course many people build packages on
Debian systems for installation `somewhere else'. I have done it
myself and probably many of the people reading this message have too.
What is implicitly going on here is that it is mostly-tacitly[2] being
assumed (or declared) that `I built this .deb on my laptop[1] and gave
it to my friend' is wrongheaded.
I don't think doing that is wrongheaded. Certainly it is extremely
common; we don't have any public pronouncements saying it is somehow
wrong; and we have had little discussion where we as a project decided
that this was now a use case which we feel free to just break.
Personally I think that this is a very important thing to keep
working. It is the very core of users' collective software freedom.
And that software freedom needs to be easy to exercise in practice.
Despite a lot of excellent tooling, chroots are still not entirely
trivial to set up and maintain.
I would invite the TC to read this manpage, which is trying to explain
to a Debian user how to change the programs on their own computer
https://manpages.debian.org/stretch-backports/dgit/dgit-user.7.en.html
and then consider how much even worse it would be if we had to write
about chroots too.
To TC members who are minded to uphold the current approach, I would
ask: can you please explicitly state your opinion on this ? That is:
Is it OK for a Debian user to build .deb on their laptop and give it
to their friend ? If it is OK, how will we make sure that it does
not pointlessly break ?
I readily admit that there are many ways that this can produce a
result significantly different to the official Debian package,
particularly because the package build system may configure itself
differently in the the presence of unexpected. The resulting package
is probably not going to be suitable for wide distribution.
But those kind of problems are (a) not serious in practice
(b) generally have obvious symptoms and (c) are easily worked around
by various means. Working around a usrmerge-generated failure is
difficult; it usually involves doing serious violence to the upstream
build system, or perhaps horrific rules file bodges.
Thanks,
Ian.
[1] Implicitly, without using a chroot.
[2] IIRC some people suggested this explicitly in the thread in
d-devel.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: