Re: PPAs for Debian
Stefano Zacchiroli dijo [Sat, Apr 30, 2011 at 12:56:15PM +0200]:
> > I think it would make quite sense to get something like e.g. ppa done for
> > Debian. But thats something else than it's proposed here.
> Yes, absolutely. I'd even dare to say that having something like PPA for
> Debian is a priority. It would be yet another way to enable people to
> experiment with big changes in Debian, showing their value, with minimum
> impact on the work of others.
Fully agree here.
> It happens that I've a recent update on this topic to share. There were
> some concerns about the need of something like a NEW queue for Debian's
> PPA, for legal reasons. I had a long phone call with SPI lawyer about
> this just yesterday. It turns out that there are a few provisions we
> should follow to stay on the safe side, but there is no specific blocker
> either. We can go ahead, individual maintainers will be responsible of
> what they upload / distribute via PPA.
Here I think we would be facing two different use cases, which impose
very different results:
• A PPA-like can be used by a Debian-related person (DD/DM/Dwhatever),
and we trust the credentials they have already presented as personal
identification (so what you stated can be held)
• But at least AFAICT, Canonical's PPAs allow also non-Ubuntu-related
people to maintain their own repositories. That's a great way for
them to start getting acquinted with the technical processes and get
closer to becoming officialy affiliated. I have also seen it as a
common distribution channel for independent projects.
The second use case might be what I feel as most attractive - Yes, I
maintain a couple of personal apt repos with things not really
suitable for Debian, some of which I could move to a PPA were it
available, but a non-Debianer might find it harder (and less
motivating) to learn the details of setting up his repo.
But we should then look into how we can ensure personal identification
- Would we keep the key reachability requirement? I think it's the
least we could do. If contributors cannot be identified, then I guess
responsability would fall upon the project, as infrastructure