Re: RFC: Central version control for Debian
On Tue, Jan 30, 2001 at 08:36:34PM +0000, Lars Wirzenius wrote:
> Andreas Schuldei <andreas@schuldei.org>:
> > It is the question of what you get for it. Is the cost worth it?
> >
> > If we had a more secure distribution it would be good.
>
> Using a centralized version control system for Debian packages wouldn't
> guarantee improved security. On the contrary, it would seem to result in
> a much more complicated way in which packages are updated. This doesn't
> sound good to me.
This, and your other message both seem to imply that you don't understand what
I am proposing. The way in which new packages are introduced into the archive
does not have to change, certainly not initially. The idea is to have a single
source repository where all of the code for standard and higher-priority
packages can be easily browsed, audited, and improved. It can be maintained in
parallel with the existing system, and used to send patches to package
maintainers.
And yes, I am volunteering to do the work. I would donate the disk space, but
it really doesn't seem to be all that large for this subset of packages. CVS
stores changed files pretty efficiently, and most of the non-upstream changes
to Debian packages are small.
--
- mdz
Reply to: