[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#241689: I'm going to NMU this

On Fri, 03 Sep 2004 21:56:27 +0200, Florian Weimer <fw@deneb.enyo.de> said: 

> * Manoj Srivastava:
>> On Fri, 03 Sep 2004 18:25:24 +0200, Marc Haber
>> <mh+debian-devel@zugschlus.de> said:
>> 
>>> Looks like what I was fearing has already happened. We have lost
>>> about a third of our buildd network, thus moving sarge behind even
>>> more.
>> 
>> 
>> Since when have we placed arbitary deadlines above quality?

> I don't think our concerns are related to quality, but about how
> much someone is allowed to do for Debian without being a club
> member.

	It not merely membership in a club; the underlying principle
 behind acceptance (either to debian, or the list of buildd's) has
 been one of trust, as well as a threshold of competence,  as
 determined by the people in charge (or the gating mechanism). 

> From a formal point of view, it's certainly not acceptable
> that someone who's been denied membership tries to bypass these
> safeguards.

> It's quite unfortunate that this problem shows up at this particular
> time, though.

>> If a third of our build network was not trusted by the delegates in
>> charge of Debian's buildds, the solution is to get more trusted
>> buildd machines, not to shove packegs in wily nilly.

> Trust is only loosely related to quality.

	Quite. But a trusted (they are not likely to maliciously
 inject code into packages) but incompetent (uhh, what's linux?)
 entities are unlikely to find acceptance. So the selection criteria
 is broader than just security concerns.

>> Bull-fucking-shit. Shoving packages from dubious build machines is
>> just as well not caring for the users. In this day and age people
>> not even giving a passing nod to security issues is a bloody shame
>> too.

> Our users are willing to sacrifice some security so that they can
> run Debian.

	Really? How can you tell? Or are we merely debatin
 proof-by-assertion?  I sure as hell would not run Debian if it made
 this kind of a compromise for popularity over quality all the time.

> Switching off buildds won't resolve Debian's inherent security
> problems.

	Not again. No, no one thing can  *EVER* resolve all of
 Debian's inherent security problems.  But every little bit can help. 

>       It won't make Debian acceptable to those who so far had
> to refrain from using it, either.

	It may make debian remain viable for some of us.

	manoj
-- 
There's too much beauty upon this earth for lonely men to
bear. Richard Le Gallienne
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
Reply to: