Re: GPL-licensed software linked against libssl on buildds!

To: debian-devel@lists.debian.org
Subject: Re: GPL-licensed software linked against libssl on buildds!
From: Stefano Zacchiroli <zack@debian.org>
Date: Wed, 20 Jan 2010 09:30:54 +0100
Message-id: <[🔎] 20100120083054.GB13105@usha.takhisis.invalid>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87my09r4rv.fsf@windlord.stanford.edu> <[🔎] 87my09sly1.fsf@windlord.stanford.edu>

On Tue, Jan 19, 2010 at 03:40:22PM -0800, Russ Allbery wrote:
> Because we want our users to be able to patch and rebuild our software to
> suit their needs.  Asking them to set up a chroot build environment is
> asking quite a lot.

AOL.  Yesterday night I drafted a reply (which has lingered in my Draft
box) and was almost word-by-word identical to this.

In parallel to this, we should probably make easier than now to rebuild
packages properly for our users (sysadms are not necessarily packagers),
and that is proceeding quite well with recent schroot improvements, if
you ask me.

On Tue, Jan 19, 2010 at 04:36:36PM -0800, Russ Allbery wrote:
> > There are two ways to attack that problem:
> 
> > (1) We decide that we want to provide the guarantee that packages build
> > the correct way in unclean envs. That mean making such bugs RC,
> > basically, and making efforts to find such bugs.
> 
> > (2) We decide that it would be nice if packages don't do too crazy
> > things when built in unclean envs, but provide no guarantee, and
> > recommend the use of pbuilder and schroot + tarballs/lvm when people
> > need guarantees.

I don't understand why you insist on this aut-aut. Ideally, your (1) is
the right one, but as of know it is (still?) hard to pursue, we put it
as an ideal goal and we proceed towards it. Bugs in package should be
filed (especially in the original case of this thread: heck, they
resulted in two incompatible licenses linked together!), they are not
RC, but they are still bugs. The day we will have a suitable / sure way
to identify this bug in the first place, we will start enforcing it.

On the same line, this whole issue is one of the reason why we have
relationships like Build-Conflicts. Why having a non-declared
Build-Conflicts shouldn't be a bug?

Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: GPL-licensed software linked against libssl on buildds!
  - From: Lucas Nussbaum <lucas@lucas-nussbaum.net>

References:
- Re: GPL-licensed software linked against libssl on buildds!
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: GPL-licensed software linked against libssl on buildds!
Next by Date: Re: Bug#565675: ITP: pthsem -- pth replacement with semaphore support
Previous by thread: Re: GPL-licensed software linked against libssl on buildds!
Next by thread: Re: GPL-licensed software linked against libssl on buildds!
Index(es):
- Date
- Thread