[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Build logs from local builds



On Wed, Oct 28, 2009 at 07:12:15AM +0100, Stefano Zacchiroli wrote:
> On Mon, Oct 26, 2009 at 02:29:47PM -0500, Adam Majer wrote:
> > Or here's a radical idea - allow source only uploads of packages.
> 
> He, radical, but not new :) It has been discussed to death various
> times. The most likely (and IMO better) alternative to that is uploading
> binaries but trowing them away for autobuilding. If you hold your breath
> just a bit more, it might be happening soonish [1,2]. And thanks to the
> FTP masters for their work on this!

It is *one* way of making sure the archive is consistent. But the idea
behind source-only is to remove the necessity of uploading giant
binaries if they are to be tossed anyway. For example, OpenOffice
revisions, or Linux kernel revisions, or even  Qt revisions.

The bottom line is trust. You trust developers to take
care of packages, more or less. You trust developers NOT to insert any
malicious code (be it DD or upstreams). You trust developers to
actually use the packages they upload, at least from time to time, so
they know how to respond to bugs. But you do not trust developers to
actually compile the package in the first place? That seems a little
out of place.


Now as to address some flabbergasted responses I've received to my
original post, it was merely an illustration how this stuff actually
*works*. There is a lot of dirt that gets swept underneath the rug, so
to speak. Just look at any large package's bug reports. You'll notice
the HUGE amount of bugs that are not closed and not followed.

And regarding build-dependencies, why people tend to keep adding and
adding build depends and rarely remove stuff that is not needed
anymore? No need to answer.

- Adam


Reply to: