[ Bcc:-ing ftpmasters ]
Time to wrap up the current state of this discussion, at least as far as
I see it.
- going ahead with throw away debs seems to be largely uncontroversial;
can we haz zem please? :-)
- there seems to be no substantial objections either on the fact the
source only upload would be fine, as long as they are not the default
but can be enabled upon request
What's still largely undecided is how uploaders would require a source
only upload. Several presented use cases --- both here on list and in
private replies to me --- show that my proposal, as well as all possible
source-based solutions, are suboptimal. In other words, people seem to
really need per-upload, or even per-batch upload, white listing.
FWIW, I wouldn't like much the idea of introducing yet another list of
people which are allowed to do source only uploads as that would be a
potential bottleneck which seems unwarranted here (at least if you buy
my argument that for what concerns the risk of non-buildable-uploads,
the defaults matter more than strict controls).
How about just relying on "dpkg-buildpackage -S", maybe coupling it with
the need of using "dput -f" (extending a bit the current semantics of
-f) which would refuse to upload a source only binary by default?
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams
Attachment:
signature.asc
Description: Digital signature