[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Do not make gratuitous source uploads just to provoke the buildds!

Peter 'p2' De Schrijver wrote:
> Why would a port release after the main release ?

Probably to fix up a few remaining arch-specific bugs.

> Why, if debian doesn't
> care about the non-release archs, would the porters even bother to
> follow the release arch sources and not just release whenever they 
> like ? They don't gain anything by following the main release.

Except the possibility to profit from the release team's efforts,
and to create an actually supported release. It is not reasonable
to believe a small porter team can do security updates for a
unstable snapshot when a task of similiar size already overloads
the stable security team.

> > If an arch has enough developers on it to keep stuff building, and
> > that means supplying patches to unstable fast and early enough to get
> > them into testing and ultimately stable I see no reason why the arch
> > shouldn't release. Make some rule to limit out-of-sync, say no more
> > than 1% sources differences to stable for the release.

1% is huge when it is glibc. :-)
I think the yes / no decision about a ports release should be finally
done by the security team, because they are the ones to get the work
thrown at. A "no" would mean it can be still distributed along with
the released ports, but it would signal the port's users that they have
to ask the porter team for security updates (which would then lag a bit).

> > Any problems with that?
> > 
> Yes. It doesn't make sense. Either debian releases with all archs, or
> every arch releases on its own. The latter is favoured by the current
> proposal and will diminish debian's value. The former is the way to go.
> Scalability problems need to be solved by improving infrastructure or
> procedures as appropriate. A middle ground between both release
> approaches is not sensible as it will still make the ports dependent on
> a possibly suboptimal upstream tree without having the benefit of debian
> security updates. Ie. ports get all the disadvantages of a synchronized
> release without getting any of the advantages. That's just plain unfair.

I believe there _is_ some space between those extremes, if the port's
source is synced enough with the main release.


Attachment: signature.asc
Description: Digital signature

Reply to: