[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Coming soon ... "unofficial repository" for packages

Hi all!

I've been reading the thread on a "user-contrib directory" with interest,
since I've been thinking along the same lines for quite some time.

I would be nice to have a unofficial spot on the 'net where anybody,
not just Debian developers, could put up a .deb file they had made
(or other things).

So I've decided I'll set something like that up on my server.  I'll probably
get to it by the next weekend.  (getting LinuxHQ 100% back online
is my top priority, getting my support business running is #2)


I think it would be beneficial to the Debian project to have an "unoffical

It won't play the same role as what Red Hat's contrib directory is for.
That is still done quite well by the current Debian project.  But it
will serve to increase the current dynamic nature of Debian by encouraging
even more experimentation and debate -- but outside the influence of
the Debian project's authority. 

I will always encourage everybody to become a Debian developer -- there is 
really no reason not to become one.

But there are many situations where somebody might want to make packages
outside of the scope of the Debian project:

 * new or prospective maintainers - we want to encourage people to become
     maintainers.  But there is a certain amount of procedure involved
     in doing this.  I don't think we'll ever be able to grant
     maintainer status as fast as it takes to get a pizza from Domino's.

     If somebody is really "keen" -- they might get excited by a posting
     on c.o.l.a., build a quickie package, decide it is really cool, and
     then want to share it.  But they might lose interest in distributing
     it when they find they've got to wait 2 weeks or more before they
     are approved as a maintainer.  It would be nice to have somewhere
     where they could upload their packages in the interim so that they
     don't lose interest.  This would gain us more maintainers, and allow
     us to take more care when doing maintainer verification.

 * experimental software or pre-beta software - sometimes somebody wants
     to package something up, but uploading the package to master would
     be problematic.  Maybe the package breaks other packages.  Or maybe
     it is so buggy, the maintainer doesn't want bug reports.

 * hostile non-maintainer releases - what happens when a Debian developer
     is maintaining a package, and somebody else wants to release a
     newer version, or a differently packaged version - and can't arrange
     terms with the official Debian maintainer?  It would be great to
     have somewhere where packages could be uploaded so that the
     maintainers can duke it out based on the quality of the packages.

     For example, I maintain the jdk1.1 packages for Debian.  They are
     from blackdown.org and are currently at version 1.1.3.  There is
     now an alternate version of the jdk available from Sergey Nikitin
     from ASU -- and that is at version 1.1.4.  I want to stick with
     the Blackdown version, since they also have a 1.1.4 version coming
     out sometime in the future.  But somebody else might really, really
     want the ASU JDK package.  So they can make a version of it, and upload
     that to the unofficial repository.  It might create problems for
     me since it would have the same name, and might have bugs that
     affect upgrading to my official Debian package.  But as a maintainer,
     I don't have to feel sympathetic towards people who used a hostile
     version of "my" package.

     The nice thing about this is that it would put a little bit of
     pressure on maintainers of high-profile packages to keep their
     releases up-to-date since they would now have potential competition.

     This would also probably increase the number of Debian developers,
     as people who now felt compelled to "action" to fix a broken
     package might suddenly find that they are brought in to the fold
     when the original maintainer hands over responsibility for the
     official Debian package to the upstart.

 * non-policy releases - in some cases, it might make a lot of sense to
     make a package that installed stuff into /opt or /usr/local (ie.
     if you need to keep separate libs for a development version).
     This wouldn't conform to policy, so it shouldn't become a part of
     the standard Debian distribution.

 * abnormal/experimental packaging - it would be nice to have a place
     where packages converted from Red Hat using alien could be uploaded.
     Or perhaps you are working on an alternative to dpkg-source that
     uses a different, improved packaging format.  Or other packaging
     system experimentations.  This stuff can't go to master, but it
     should still go somewhere.

So I'm going to set up an "unofficial repository".  I won't call it contrib,
since that is confusing. 

Here's how I think it will work:

 - There will be an upload queue, like on master (but anonymous).
 - In order to upload, people will have to email me with their PGP key.
   I will add them to the keyring.
 - I'll use a hacked-up copy of dinstall to move the uploaded stuff out
   of the incoming queue to the final directory.  This will only work for
   people who's PGP keys are in the keyring (they will have to upload a
   signed changes file).  Each person who uploads will have their own
   directory, like on CPAN.
 - Initially, I won't generate packages files.  But in the future I might
   allow for per-directory Packages files.

There won't be many rules for the site.  I think they will boil down to:

 1) Nothing illegal.  No Warez.  Nothing that violates legally binding
    license agreements.  Nothing violating my sense of decency.

 2) It's my site.  I can take your PGP key out of the keyring and delete
    your files if I want.

I'll make this my pet project for next week if there isn't violent
opposition.  I could also actually use some help setting things up if you
are that way inclined.


 - Jim

Attachment: pgp1G0opyoF4n.pgp
Description: PGP signature

Reply to: