[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPL-licensed software linked against libssl on buildds!

Patrick Schoenfeld <schoenfeld@debian.org> writes:
> On Tue, Jan 19, 2010 at 04:04:07PM -0800, Russ Allbery wrote:

>> Uh, since as long as I've been part of the project.  I think this is at
>> least the third time that I recall the same topic coming up on -devel.

> Wow. How often a topic comes up on -devel is an indicator how
> representative a given idea is in the whole developer body?  It might be
> a sign that the people who want it tend to ask for it a lot.

Each time we had this discussion previously, my perception of the
consensus was what I stated earlier.

> Well, I can't tell if most packages use autoconf. Probably they do.  But
> there are plenty of other build systems around, all with its own
> caveats. So my statement "... illussionary to support /every/ possible
> circumstance ..." is still true.

It's illusory to assume we can remove all bugs from our packages, for any
type of significant bug that you care to mention.  That doesn't mean we
should stop fixing bugs.

> That does not mean that we shouldn't fix such bugs if they arise
> (obviously we should) but having priority on it is a different thing.

Then I'm not sure that you're disagreeing with me?

All I said was that it's a bug that should normally be fixed.  If you also
agree that it's a bug that should normally be fixed, you may want to
consider whether you're fighting shadows here.  :)  I didn't say it was
RC, and I didn't say it needed to be a priority over other bugs,

>> sbuild has never provided this in the history of the project.  I really
>> have to question the emphasis put on this given that we've lived for
>> all these years without having that and by fixing the packages to do
>> the right thing.

> Eh.. what? I'm using sbuild to build my packages before uploading them
> locally. It uses schroot and schroot supports LVM snapshots.  Which is
> what I'm using. Probably it has never been deployed on our buildds but
> that has nothing to do with what sbuild can provide.

I didn't say anything about what sbuild *could* provide.  I said that it
*has not* provided that, in the sense that the buildds have never
previously done what you describe above.  The project has not collapsed.
Clearly it's possible to, in general, fix these problems when they arise
without using guaranteed-clean chroots.

Separately, I do agree that having better guarantees around the chroots is
a good idea.  I'm just pointing out that there's no reason to make that
the only solution to the problem, and in fact the project has not
historically needed this and still has done an okay job with such bugs.

Steve made the same point with fewer words and more precision.

> Oh, well, after I read the link I even remember it. Yes, if we are aware
> of problems there is reason to fix them. That doesn't mean that we
> should always build in dirty chrooots, though.

I think we may not actually be disagreeing.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: