
Re: This is how packaging should be done.



> Not everyone is forced to use the packages contributed from the public.
> There can still be packages approved by official developers. A user
> could decide to only use the packages marked as approved and they would
> be as safe as Debian is now.

Safe as default is better; and no one is hindering people from making
public Debian repositories - it's just that no one actually needs them.
The only often-used non-official Debian repositories are for software
that can either not be included (who will check that if you allow anyone
to add packages? who checks that we do not distribute illegal stuff??)
or for software where the maintainer thinks it's not yet suitable for
inclusion (like my galeon2 packages, or openoffice.org - which is a
choice by the maintainers which probably would not be different if
anyone can add packages to the distribution, except that maybe someone
will add packages with even worse quality...)

> What about the situation where a package is broken and the maintainer
> is unreachable. In the model described in the article anyone could

I did some NMUs... We do have a Policy for that, you know?
I spend quite some time on the galeon packages, although I'm not the
maintainer (well I call myself backup-maintainer now ;) - this works
FINE, if there are people willing to do it (and go through the NM
process, which is good for quality and security.)

> fix the package (assuming it is not a critical package) but it would
> be marked as new so that people who only want safe packages would
> know to stay away from it. Then, if the maintainer comes back he/she
> could check the package and approve it so that it could now be used
> by people who want safe packages.

So our mechanism is even superior, because a trustworthy other maintainer
can upload the fix, if he has checked it, even if the original
maintainer is away?

Greetings,
Erich

-- 
erich@(mucl.de|debian.org)        --        GPG Key ID: 4B3A135C
A polar bear is a rectangular bear after a coordinate transform.
The shortest connection between two people is a smile.

