Re: *seconded* Re: Bits (Nybbles?) from the Vancouver release team meeting

On Wed, Mar 16, 2005 at 11:07:56AM -0500, Stephen Frost wrote:
> * Kyle McMartin (kyle@mcmartin.ca) wrote:
> > On Wed, Mar 16, 2005 at 03:06:19PM +0000, Rob Taylor wrote:
> > > Yes, that makes total sense. Would there likely be major objections to
> > > this?
> > >
> > 
> > Even less (likely zero) testing of packages by the maintainer before they
> > upload? This is definitely a serious problem...
> > 
> > Famous last words...
> > "Oh, I'll just make this one change, rebuild source and upload."
> What about requiring a binary upload with the source upload, but then
> rebuilding the binary on the buildd of the uploaded binary *anyway*?
> Having the extra check that it actually *builds* on that buildd would be
> a good thing, the security team will probably need it once it's stable..

Was proposed in the last major "binary vs. source" flamewa^W discussion,
and met with, IIRC, the resounding sound of crickets chirping. However,
I think that one of the statements which have been made about "Why can't
random porter DDs build and upload if the wanna-build admins don't add a
buildd" - to wit, "It is important to make sure *the* buildds can rebuild
it if we have to do a security update" - should apply to our favorite
popconular arch just as much as any other. Which is to say, "building from
source on i386" should be a required step whether or not it was uploaded
that way.

On the flip side, having a DD at least demonstrate that *some* system is
able to build the thing without blowing chunks can potentially save us some
number of "Augh, don't people even CHECK this stuff anymore?" on the part
of the buildd signers, and preserving their sanity is a Good Thing.

Or, in other words, I rather like the idea of "You are required to
upload at least one copy of each binary, but all binaries will be
built from source on the buildds."

The one situation that would need to be addressed (but this is true today,
and is a social issue that requires other things to solve) would be
folks firing off a source+binary upload, and then immediately uploading
a binary-only upload as the "port" upload. Whether "don't do that" is
sufficient, or we should limit binary uploads to a separate "trusted buildd
admin" keyring, or something else entirely, well... I'm sure we can find a
good solution, I don't know which one would be best.

Hmmm. I may just have found a wishlist item for debpool, though. :)
Joel Aelwyn <fenton@debian.org>                                       ,''`.
                                                                     : :' :
                                                                     `. `'
