Re: RFC: Central version control for Debian

To: Joey Hess <joeyh@debian.org>
Cc: debian-devel@lists.debian.org, dominik@kubla.de
Subject: Re: RFC: Central version control for Debian
From: Michael Neuffer <neuffer@mail.uni-mainz.de>
Date: Wed, 31 Jan 2001 05:00:12 +0100
Message-id: <[🔎] 20010131050012.A31628@mail.uni-mainz.de>
In-reply-to: <[🔎] 20010130153351.P24991@kitenet.net>; from joeyh@debian.org on Tue, Jan 30, 2001 at 03:33:52PM -0800
References: <[🔎] 20010129165414.L2501@alcor.net> <[🔎] 20010130153351.P24991@kitenet.net>

Quoting Joey Hess (joeyh@debian.org):
> Matt Zimmerman wrote:
> > Recent discussions about auditing have gotten me thinking about Debian's use of
> > version control (or lack thereof).  Currently, the situation is left in the
> > hands of individual developers.  Many of them use CVS; some use other methods;
> > some use no version control at all.
> 
> At the past two Atlanta Linux Showcases, there have been two main
> themes of discussion. One is autobuilding all of Debian (and
> build-dependancies are making that more and more possible, though there
> are still hurdles). The other is checking it into cvs.

In my opinion _proper_ autobuilding depends on an CVS (or some similar tool)
archive.

> Presuming we could find someone to donate the disk space, I think it
> would be worth it. Matt listed some of the nice benefits it would yeild.

As we already discussed in Atlanta, I'm willing to donate the diskspace
to set this up on the central servers.

The advantages that we will gain from a CVS/autocompile (make world bootstrap)
combo are easier security audits, far less dependency problems since
everything is build on the same foundation in contrast to the 600 or so 
different environments that packages are currently build in.

It is the foundation on which the trust of our users/customers
in our distribution can be build. This would be an attribute that 
would help the entry of Debian into the corporate world enormously.

It would allow us to eventually do weekly builds of the binaries for 
the whole distribution, at least for those architectures where we
have fast enough compile machines to compile everything in a timely 
manner.

There is one more reason why are actually _must_ have a source
repository. There are laws (and also the GPL itself IIRC) that 
require us to keep the sources available for a couple of years.

Currently nobody would be able to reproduce this. IANAL but 
theoretically we could be held accountable for damages if we can't
reproduce packages that have been published on our ftp servers.
We could not publish repositories like unstable, testing, etc anymore
since nobody archives _all_ the changes in there. This can only be 
done via a central source archive.

Cheers
   Mike

Reply to:

References:
- RFC: Central version control for Debian
  - From: Matt Zimmerman <mdz@debian.org>
- Re: RFC: Central version control for Debian
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Maintainers gone away?
Next by Date: Re: dbs package - should I upload it?
Previous by thread: Re: RFC: Central version control for Debian
Next by thread: Re: RFC: Central version control for Debian
Index(es):
- Date
- Thread