Re: An idea.... (Was: debfind.net (was: GNOME-HELIX))
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 30 Jun 2000, Ben Armstrong wrote:
> On Fri, 30 Jun 2000, Clay Crouch wrote:
> > If that should happen, how would we maintain QC?
> 
> Who is the "we" in this sentence?  If it is Debian, then taking on this
> responsibility is actively sanctioning the development of .debs outside of
> Debian.  I have not yet heard a compelling argument for why this should be
> done.
Perhaps my choice of language was poor. I don't propose to maintain QC
over the _packages_. If they are unofficial, then they become solely the
responsibility of the user/author/maintainer/etc.
I _do_ propose that we make the attempt to maintain QC over the Debian
_distribution_ (as originally installed on the user's machine) if 
possible, by warning the user that she might break her system by
installing a package that is of unknown quality.
If the user installs such a package despite the warnings, then the
responsibility for it's quality and legality rests solely on them,
_not_ on Debian.
I hope this clarifies what I meant.
[ Whether or not you agree is entirely another matter. :^) ]
<....Snippage....>
> After following the whole GR debate, at first taking a moderate stance
> that yes, something should be done about non-free, but finally being
> compelled by the "status quo" arguments to change my mind, I do not think
> unofficial repositories are good for the project.
If you concede that non-free should (for the moment) remain within
the Debian project, then I agree with you on this, for the reasons
you state in the next paragraph....
> If there are legitimate sources of debs that are currently not in the
> archives, we should look to ways of bringing them into the project,
> rather than accomodating for them in this fashion.
I agree with you on this point as well, if non-free is allowed to remain.
OTOH, if non-free is removed, all bets are off. I myself will participate
in the construction of an 'unofficial' deb archive.
#include <asbestos_jockeys.h> /* See .signature */
> This is not about being "control freaks".  It has everything to do with
> ensuring not just "some" quality control, but the *highest possible*
> quality control.
Agreed.
> Why settle for anything less? 
We should not. At least as far as packages in _our_ archive are concerned.
> If there is a way to ensure better quality control, we should go for it.
> If the packages are "unofficial" because they are "bad for Debian" (for
> legal or whatever other reasons) then why sanction them?
I don't see extending a modicum of QC to cover _all_ debs as an official
sanction of thrid-party debs, just an acknowledgement of their existence.
This idea would be merely an attempt to keep them from contaminating the
unwary user's system with namespace conflicts, bugs, holes, warez, etc.
[ The net effect is to make the user un-unwary. :^) ]
Is that such a bad idea, technically _or_ philosophically? :^)
Now, if the users chooses to.... Caveat Emptor.
To me personally, it makes no difference. Everything I need to use has
thankfully made it's way into the archive already, one way or another.
[ Well.... Except for some CERNLIB stuff, but that's source; no problem. ]
Anyway, I was just posting a rambling thought....
Cheers!
 ____________________________________________________________________
/ Clay Crouch, Shamless Bum ;^>    | <danno@danno.tzo.com>           \
| Linux Administration/Consulting  | <http://danno.tzo.com/~danno>   |
+----------------------------------+---------------------------------+
| GPG 7D2AD631: 2319 2356 FEDF 4631 63F3   762A E443 1C2A 7D2A D631  |
+--------------------------------------------------------------------+
| I speak only for myself.    Flames quietly consigned to /dev/null. |
+--------------------------------------------------------------------|
|          Debian Linux: The choice of a GNU generation!             |
\____________________________________________________________________/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
iD8DBQE5XLY45EMcKn0q1jERAj0jAJwI9uvMiWpQ77ftc8xOCuti+uSnPACeOnEl
D5HN33gC7ev2JexZm22J19Y=
=gl9I
-----END PGP SIGNATURE-----
Reply to: