[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Source only uploads?

On Wed, Oct 22, 2003 at 12:50:27PM -0400, Fabien Ninoles wrote:
> Andrew Suffield wrote:
> >Nonsense. What are you talking about? With (a), it will not be noticed
> >*at all*. The bug will not appear until three months after the
> >release, when some sysadmin tries to rebuild the package on their
> >stable box.
> Same thing for (b): the maintainer environment is no more "natural"
> than the "artificial" one of buildd.  In fact, I'm pretty sure that
> the buildd environment is nearest to the environment of a stable
> machine, than most developpers machines.  And, at least, the buildd
> environment is more easily reproductible by the users.

You hit the nail on the head - it is more *reproductible*. Since
Depends are suppose to be satisfied by packages in Debian,
it makes sense that packages should be built on buildd.

I run Xfree 3.xxx and because of that I could not install 
qt3-mt-dev needed by mysqlcc. So I made a dummy package that
satisfies qt3-mt-dev so I can install it and build and test
mysqlcc. After doing that, I uploaded source only since that
way I can be sure that the resulting build will be able to be
reproducible by the users.

IMHO, it is very important that source only uploads are allowed
in case:
 a) developers are not running Sid
 b) developers are not running up-to-date Sid
 c) people are using pay-per-minute connections where uploading
    5MB might cost less than uploading a 50k diff.

Everyone should always test the application on their system 
before an upload, but they should be allowed to do source-only

- Adam

PS. What about if the developer's machine had a gcc trojan that
sends itself on in programs that gcc builds? Just a thought.

Reply to: