Re: Source only uploads?
On Wed, Oct 22, 2003 at 12:50:27PM -0400, Fabien Ninoles wrote:
> Andrew Suffield wrote:
> >Nonsense. What are you talking about? With (a), it will not be noticed
> >*at all*. The bug will not appear until three months after the
> >release, when some sysadmin tries to rebuild the package on their
> >stable box.
> Same thing for (b): the maintainer environment is no more "natural"
> than the "artificial" one of buildd. In fact, I'm pretty sure that
> the buildd environment is nearest to the environment of a stable
> machine, than most developpers machines. And, at least, the buildd
> environment is more easily reproductible by the users.
You hit the nail on the head - it is more *reproductible*. Since
Depends are suppose to be satisfied by packages in Debian,
it makes sense that packages should be built on buildd.
I run Xfree 3.xxx and because of that I could not install
qt3-mt-dev needed by mysqlcc. So I made a dummy package that
satisfies qt3-mt-dev so I can install it and build and test
mysqlcc. After doing that, I uploaded source only since that
way I can be sure that the resulting build will be able to be
reproducible by the users.
IMHO, it is very important that source only uploads are allowed
a) developers are not running Sid
b) developers are not running up-to-date Sid
c) people are using pay-per-minute connections where uploading
5MB might cost less than uploading a 50k diff.
Everyone should always test the application on their system
before an upload, but they should be allowed to do source-only
PS. What about if the developer's machine had a gcc trojan that
sends itself on in programs that gcc builds? Just a thought.