Re: Source only uploads?
On Mon, Oct 20, 2003 at 03:19:48PM +0100, Andrew Suffield wrote:
> > > a) All packages uploaded to the archive are built in an artifical
> > > environment. All packages in the archive function as expected.
> > >
> > > b) The package is uploaded from real-world environments. Sometimes it
> > > breaks; when this happens the bug is noticed and corrected, so that the
> > > package always builds the same way.
> > c) The package is uploaded from the real-world environment where it works,
> > built on the architecture 99% of the users have. The breakage in the
> > other architectures' autobuilt packages is not noticed until after Sarge,
> > and/or when somebody does an NMU (or takes over the package) and suffers
> > from severe brain trauma trying to figure out how the h*ll it could have
> > worked _ever_.
> This is the same as (b), only delayed. Still acceptable - we noticed
> the bug and fixed it.
The point is that with a), it will be noticed earlier. What none of these
options achieves (although a is closer than the others), but which would be
"nice to have", would be to ensure that all binary packages are built with
the same versions of libraries etc.; this would avoid some cases of
Ideally maintainers would build their packages for upload in a "clean"
unstable environment, which would have pretty much the same effect as
autobuilding for all arches, but this is a pipedream.
> Sounds like the perfect getting in the way of the good; the end result
> Papering over these issues is *not the answer*. Find them and fix
> them, it's not hard.
I think this commentary can be equally well applied to the status quo.
The point of build-deps is to try to replicate a situation in which a
package can be built. The perfect would be a set of consistent binary packages
in the archive, built from a source package which would build on any system
meeting the build-dep requirements. The good would be a set of consistent
binary packages with no nasty surprises caused by maintainers' weird systems,
but that occasionally fail to build on systems with previously-untried
combinations of packages.
Whether or not the binary package that the maintainer uploads is actually
allowed into the archive has damn nearly zero impact on its usefulness for
finding build problems. Conversely, it is likely to have a significant impact
on the reliability and consistency of the binary packages in the archive.
The severity of problems caused by an unnoticed build-weirdness getting into
a stable release is likely to be far less than that of a bug in the
autobuilt binaries (that does not occur in the maintainer-built binary); think
potential data loss on 64-bit platforms, for example, when the maintainer built
(and most testing happened) on i386.
In the cases of build weirdnesses however, it will always be possible to
work around it by rebuilding in an artificial environment.