Re: Multipart package (IRAF)

To: Zed Pobre <zed@moebius.interdestination.net>
Cc: Debian Developers List <debian-devel@lists.debian.org>
Subject: Re: Multipart package (IRAF)
From: Manoj Srivastava <srivasta@datasync.com>
Date: 18 Feb 1998 01:42:25 -0600
Message-id: <[🔎] 87oh05740u.fsf@tiamat.datasync.com>
In-reply-to: Zed Pobre's message of "Wed, 18 Feb 1998 00:24:47 -0600 (CST)"
References: <[🔎] Pine.LNX.3.96.980217235846.25515B-100000@moebius.interdestination.net>

Hi,

	You do not have to compile for libc5 unless you want to. In
 fact, I think you should not be compiling a new package for
 libc5 this late in the cycle, but that's just an opinion. So you do
 not have to worry about bugs coming off two different systems, so
 that takes care of one objection to compiling the package rather than
 using pre-compiled binaries.

	I think we have to compile it and make sure there are no bugs,
 since Debian is no longer single architecture, and 2, from the policy
 manual:
______________________________________________________________________
2.1.2. The main section
-----------------------

     Every package in "main" must comply with the DFSG (Debian Free
     Software Guidelines).

     In addition, the packages in "main"

        * must not require a package outside of "main" for compilation or
          execution (thus, the package may not declare a "Depends" or
          "Recommends" relationship on a non-main package),
        * must not be so buggy that we refuse to support them,
        * must meet all policy requirements presented in this manual.
______________________________________________________________________

	So we can't not compile this package 'cause we fear bugs in
 the process.

	I can't see anything in policy that states we can't use
 precompiled binaries+source, but I think if the package is so buggy
 we can't even compile it, we should not be distributing it.

	Also, I think source packages should not contain binaries at
 all, and that too binaries for just one architecture.

	In my opinion, this package does not belong in Debian unless
 we can actually compile it. Technically, we are also supposed to look
 at the source code and assure ourself that it does not contain a
 trojan horse or any other major security nono.

	I think that mantianers who do not do that are risking the
 reputation of Debian, but that is another story.

	manoj

 Though I have not looked at all the source code for my packages, I
 have skimmed it all, and I pay close attention to the upgrade diffs
 each time. I am luck to be maintaining packages that are quite
 popular, and hence come under a great deal of scrutiny.
-- 
 "...what's the point of ... new technology if you can't find some way
 to pervert it?" Effinger, "Marid Changes His Mind", IASFM, 1/90
Manoj Srivastava  <srivasta@acm.org> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: Multipart package (IRAF)
  - From: Zed Pobre <zed@moebius.interdestination.net>

References:
- Multipart package (IRAF)
  - From: Zed Pobre <zed@moebius.interdestination.net>

Prev by Date: Multipart package (IRAF)
Next by Date: Re: Bug#988: `script' is insecure, and general tty insecurity
Previous by thread: Multipart package (IRAF)
Next by thread: Re: Multipart package (IRAF)
Index(es):
- Date
- Thread