Re: Source only uploads?
On Wed, Oct 22, 2003 at 12:50:27PM -0400, Fabien Ninoles wrote:
> Andrew Suffield wrote:
> >Nonsense. What are you talking about? With (a), it will not be noticed
> >*at all*. The bug will not appear until three months after the
> >release, when some sysadmin tries to rebuild the package on their
> >stable box.
>
> Same thing for (b): the maintainer environment is no more "natural"
> than the "artificial" one of buildd. In fact, I'm pretty sure that
> the buildd environment is nearest to the environment of a stable
> machine, than most developpers machines. And, at least, the buildd
> environment is more easily reproductible by the users.
You hit the nail on the head - it is more *reproductible*. Since
Depends are suppose to be satisfied by packages in Debian,
it makes sense that packages should be built on buildd.
I run Xfree 3.xxx and because of that I could not install
qt3-mt-dev needed by mysqlcc. So I made a dummy package that
satisfies qt3-mt-dev so I can install it and build and test
mysqlcc. After doing that, I uploaded source only since that
way I can be sure that the resulting build will be able to be
reproducible by the users.
IMHO, it is very important that source only uploads are allowed
in case:
a) developers are not running Sid
b) developers are not running up-to-date Sid
c) people are using pay-per-minute connections where uploading
5MB might cost less than uploading a 50k diff.
Everyone should always test the application on their system
before an upload, but they should be allowed to do source-only
uploads.
- Adam
PS. What about if the developer's machine had a gcc trojan that
sends itself on in programs that gcc builds? Just a thought.
Reply to: