Re: Bits from the FTPMaster meeting
Goswin von Brederlow wrote:
> Philipp Kern <trash@philkern.de> writes:
>
>> On 2009-11-16, Simon Huggins <huggie@earth.li> wrote:
>>> If you throw away the binaries, a DD can upload a binary package with a
>>> sole binary that prints out banana and a source package that builds the
>>> right thing presumably. Are there any checks to prevent that?
>>>
>>> I'm trying to work out if you get what you think you do from building
>>> but throwing away that makes it better than entirely source-only.
>> You can run lintian on the resulting binaries, which you can't on source-only
>> uploads. (Well, you can only check the source package.) Now, if that stub
>> binary you upload is free from errors ftp-masters reject upon, then you can
>> still work around that.
>>
>> And I didn't bother to check now if they really rely on binary checks yet,
>> however I'd at least assume something like binary-package-is-empty. ;-)
>>
>> Kind regards,
>> Philipp Kern
>
> Those could (and should) easily be checked for the binary-only uploads
> from buildds. And if a maintainer keeps uploading sources that fail
> the lintian checks on the buildd uploads that could be delt with
> whatever other method the initial mail hinted at.
>
> In my mind the question is: Will maintainer upload so many bad source
> packages that the overhead of uploading binaries and throwing them
> away makes sense? Something that can not be answered without some hard
> data.
Noone is stopping anyone of preparing a service that would accept source
only uploads as a go between to find out at least some numbers and solve
the problem some are having with bandwidth or unreliability of the
existing solutions.
Cheers
Luk
Reply to: