[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PPAs for Debian

On Wednesday, May 04, 2011 12:16:54 AM Paul Tagliamonte wrote:
> On Wed, May 4, 2011 at 12:02 AM, Julien Valroff <julien@debian.org> wrote:
> > Le mercredi 04 mai 2011 à 00:02:01 (+0200 CEST), René Mayorga a écrit :
> >> On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote:
> >> > After all, in that  respect what is the difference between that and
> >> > unofficial APT repositories that many of us already maintain at
> >> > people.d.o/~something or something.debian.net? Do you want to shut
> >> > them down as well?
> >> 
> >> no, I was expressing over the PPA as an official services that allow
> >> users to upload any package without any quality control.
> > 
> > AFAIU, only DD and DM could create PPA and upload to them. If this is not
> > the case, then I share your fears.
> Usage of the PPA system on LP requires that you agree to the usage
> terms (not unlike machine usage policies for Debian).
> We let non-MOTU upload to their own PPAs (has their name in the URL),
> and if nonfree (or malicious) packages are uploaded, they can have PPA
> rights removed.
> There's been one issue I can recall, and it was only a very very
> slight DFSG technicality.

That depends on what you mean by 'issue'.  I think exactly the issues that 
concern some people in Debian about packages of 'poor quality' being generated 
in an uncontrolled PPA system are happening with regularity in Ubuntu.  
Although it doesn't happen every week or anything, it's happened more often 
than I can recall that someone files a bug in Ubuntu about broken PPA packages 
done by some random non-developer.  I believe Debian is quite correct to be 
concerned about the potential for user confusion and damage to Debian's 
reputation for high quality work.

PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I 
think are quite another.  I'd hate to see Debian make the same mistake that 
Canonical did in this regard.

Scott K

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: