Re: The unofficial buildd effort and its shutdown - my POV
Ingo Juergensmann <ij@2004.bluespice.org> writes:
> The security, which is mentioned and stressed *so* many times in this
> thread, was the same level as it was for "offical" buildds for several
> years now - and still is. I'm the same guy who was trusted in 2000 to be
> able to build packages for Debian as I'm still today.
> But there are people who argue that non-DDs can't be trusted and that
> untrusted uploads and untrusted buildds are harming Debians trust at
> all. So, they're neglecting my past 4 years work for Debian. Isn't that
> nice?
I haven't seen anyone saying that they don't trust you in particular.
I've seen a lot of people saying that they're very nervous about packages
entering the archive without an explicit trust relationship, and it seems
like the primary mechanism the project has currently for establishing such
a relationship is the NM process. I think you may be personalizing this
more than is needed. If you applied and were rejected, *then* people
would be saying that they don't trust you personally. All that they're
saying right now is that the project trust in you has never been vetted by
a formal process, something that I believe is simply factual, is it not?
> I don't think that's surprising that I'm frustrated and tired of all
> these stuff directed against me and that I'm not wasting my time and
> money any longer when it's obvious that my work is not appreciated
> anymore.
Are the packages being accepted into the archives? If so, I think the
work is appreciated, is it not? It sounds like some of the things you've
offered to Debian have been appreciated and accepted and some of them have
not.
I'm (relatively) new to Debian, but I'm not new to free software projects
or public discussion groups, and I've found it worthwhile to keep
reminding myself from time to time that a bunch of discussion on a mailing
list is, in the end, just a bunch of discussion on a mailing list. Volume
can be completely unrelated to influence, positions can be stated more
strongly in argument than they would be applied in reality, and people can
say things in the heat of a thread that they would reconsider in leisure
later.
It's rather more important what people *do* than what people say.
> So, please decide first (as a project) if you appreciate my work and
> trust me (although I'm no DD) or if you prefer to have backlogged
> ports. (No, this is no extortion or anything like that. I just want to
> know how reliable Debian as a project is and how well I can trust *you*
> and if you still appreciate what I'm doing or not.)
Perhaps I'm being naive here, but it seems to me like you're asking for
formal validation of the project's trust. Is there not a regular
procedure for obtaining that? Perhaps it would be worthwhile to create
some additional method of vetting and formally validating trust other than
the NM process, but I would expect creation of such a thing to take a
rather extensive amount of time, and in the meanwhile there already is
such a process that you could (I assume) use if you want.
Perhaps I'm missing something here, but to myself (fairly new to Debian,
not yet a DD myself, not yet *quite* ready to apply to NM), it seems like
you're asking for special and distinguished treatment in establishing
formal trust rather than following the procedure that most everyone else
has followed.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
Reply to: