Re: Build logs from local builds

To: Bernd Zeimetz <bernd@bzed.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Build logs from local builds
From: Adam Majer <adamm@zombino.com>
Date: Tue, 10 Nov 2009 23:22:55 -0600
Message-id: <[🔎] 20091111052255.GB26059@mira.lan.galacticasoftware.com>
In-reply-to: <[🔎] 4AF9E8DB.3080807@bzed.de>
References: <162de7480910210402t1b9260edkb64334a5a97e8a3a@mail.gmail.com> <20091021112705.GM4693@const.bordeaux.inria.fr> <20091026192947.GB6085@mira.lan.galacticasoftware.com> <[🔎] 4AF9E8DB.3080807@bzed.de>

On Tue, Nov 10, 2009 at 11:27:39PM +0100, Bernd Zeimetz wrote:
> Adam Majer wrote:
> > People are lazy and like myself don't want to sync pbuilder and
> > related stuff every time I want to upload something. Since my box is
> > rarely up to date, this can result in dependencies lagging
> > somewhat compared to official buildd. I generally don't check for any
> > build-depends problems anyway with pbuilder unless buildd chokes.
> 
> And so you put the problem on the shoulders of the buildd admins. Sorry, but
> that behaviour makes me choke. I've CCed DAM as this behaviour is absolutely not
> acceptable for DDs.

 <<<<   <-- my comments

  O
 /|\    <-- you
 / \

My comments are merely an example of how stuff works. Since you are
too young in Debian, let me recap a period in Debian when source
uploads were actually accepted and I have used them on occasion. It
addressed various dependency lags, generally on the buildd. As you may
imagine, sometimes buildd are not updated with latest and greatest
because of problems in the said versions.

Now, source uploads resulted in people abusing the source only upload
and uploading packages that don't actually build. And by that, I mean
packages that do not build without tweaks. So, they disabled source
only uploads to *force* people to actually build a package. Of course,
this does not stop people from uploading packages that FTBFS. And what
ended up as a problem that we have now? Lagging dependencies. Exactly
the problem that is fixed by source-only uploads.

The current solution is to "imitate" source only by dropping all
binary uploads. So why not have source only upload from developer's
machine directly?

As I alluded in another reply, in Debian you are trusted to,

  * package software that is usable
  * not to break people's computers
  * not to inject malicious code into software
  * not to abuse Debian machines accessible to you
  * use the software you package and test it for usability

but at the same time you are not trusted enough to *compile* code on
your machine? That's the problem I have with not allowing source only
uploads - the trust is broken at the most insignificant part of the
process.

If people really want to be pedantic about this, why not allow uploads
of the source and skip the *.deb at the dev's machine?? The signed
.changes includes proof that the *.deb were built so why require the
actual *.debs to be uploaded?

> > I'm all in favour of removing uploaded binaries. But also allow source
> > only uploads.
> 
> No way. At least to stop people like you who prefer to let the buildd admins do
> *your* work.

Please think carefully, *carefully* about what you are talking about
because what you write here, it makes no sense.

- Adam

PS. Please don't spam DAM's mail box. It probably gets enough spam.

Reply to:

References:
- Re: Build logs from local builds
  - From: Bernd Zeimetz <bernd@bzed.de>

Prev by Date: Re: Build logs from local builds
Next by Date: Re: Iceweasel and Firefox compatibility
Previous by thread: Re: Build logs from local builds
Next by thread: Re: Build logs from local builds
Index(es):
- Date
- Thread