
Re: This is how packaging should be done.



Stephen Frost :

>* Jeremiah Mahler (jmahler@pacbell.net) wrote:
>
>>On Mon, Jun 10, 2002 at 08:45:12AM -0400, Stephen Frost wrote:
>>
>>>Bad idea from a security standpoint, of course.
>>>
>>Not everyone is forced to use the packages contributed from the public.
>>There can still be packages approved by official developers. A user
>>could decide to only use the packages marked as approved and they would
>>be as safe as Debian is now.
>>
>
>I don't believe it would be in the best interest of our users for Debian
>to use its limited resources to host an essentially open FTP site where
>anyone can put files which happen to have a '.deb' extension.
>
At the same time, if someone is so selfish and thinks they can do a better
job than the existing maintainer, and repackages the same package on
some form of public FTP, we will have a very messed-up distribution with
a LOT of ideas but NO communication. (They may as well start their own
OS+software distribution.) And if the spirit of this act is against
Debian's beliefs, we should not change our beliefs based on personal ego.
Especially, I get the sense that someone is trying to use Debian as their
marketing tool, like a wolf putting on a sheep's skin and mixing into the farm.

>>>"Specific people" being the entire set of Debian people, which is a
>>>pretty decently sized set of people.
>>>
>>What about the situation where a package is broken and the maintainer
>>is unreachable. In the model described in the article anyone could
>>fix the package (assuming it is not a critical package) but it would
>>be marked as new so that people who only want safe packages would
>>know to stay away from it. Then, if the maintainer comes back he/she
>>could check the package and approve it so that it could now be used
>>by people who want safe packages.
>>
>
>If there is a serious bug in a package and the maintainer is unavailable
>the NMU system can be (and often is) used.  That's what it's there for.
>Maintainers who know they're going to be unavailable even encourage it
>by letting other maintainers know when they're going to be unavailable.
>Additionally, for stable (and testing maybe?), security bugs are handled
>by the security team.
>
>	Stephen
>
How long have we been around? How much improvement have we made? If the
"solution" is a good one, I think everybody will try to put it into the
system and improve it. Have you planted a tree? You know what will happen to
them if you pull them when they are young and try to help them grow
faster? They die. And have you crashed your car into a strong, well-planted
tree? You die. Any system requires a long time to find out what is good
for it; forcing things around may not be a good thing for the entire
system.
Alex
