Re: PPAs for Debian

To: Stefano Zacchiroli <leader@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: PPAs for Debian
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Wed, 4 May 2011 11:31:32 -0500
Message-id: <[🔎] 20110504163132.GE15466@gwolf.org>
In-reply-to: <20110430105615.GA20011@upsilon.cc>
References: <20110428135228.GB7583@rivendell.home.ouaza.com> <4DB97F2D.8030206@debian.org> <20110428152515.GA26004@xanadu.blop.info> <4DB99028.5020005@dogguy.org> <20110428171515.GA31112@xanadu.blop.info> <20110429213746.GK15003@mails.so.argh.org> <20110430071955.GE19536@rivendell.home.ouaza.com> <slrnirnfn6.j3h.trash@kelgar.0x539.de> <20110430100724.GQ15003@mails.so.argh.org> <20110430105615.GA20011@upsilon.cc>

Stefano Zacchiroli dijo [Sat, Apr 30, 2011 at 12:56:15PM +0200]:
> > I think it would make quite sense to get something like e.g. ppa done for
> > Debian. But thats something else than it's proposed here.
> 
> Yes, absolutely. I'd even dare to say that having something like PPA for
> Debian is a priority. It would be yet another way to enable people to
> experiment with big changes in Debian, showing their value, with minimum
> impact on the work of others.

Fully agree here.

> It happens that I've a recent update on this topic to share. There were
> some concerns about the need of something like a NEW queue for Debian's
> PPA, for legal reasons. I had a long phone call with SPI lawyer about
> this just yesterday. It turns out that there are a few provisions we
> should follow to stay on the safe side, but there is no specific blocker
> either. We can go ahead, individual maintainers will be responsible of
> what they upload / distribute via PPA.

Here I think we would be facing two different use cases, which impose
very different results:

• A PPA-like can be used by a Debian-related person (DD/DM/Dwhatever),
  and we trust the credentials they have already presented as personal
  identification (so what you stated can be held)

• But at least AFAICT, Canonical's PPAs allow also non-Ubuntu-related
  people to maintain their own repositories. That's a great way for
  them to start getting acquinted with the technical processes and get
  closer to becoming officialy affiliated. I have also seen it as a
  common distribution channel for independent projects.

The second use case might be what I feel as most attractive - Yes, I
maintain a couple of personal apt repos with things not really
suitable for Debian, some of which I could move to a PPA were it
available, but a non-Debianer might find it harder (and less
motivating) to learn the details of setting up his repo.

But we should then look into how we can ensure personal identification
- Would we keep the key reachability requirement? I think it's the
least we could do. If contributors cannot be identified, then I guess
responsability would fall upon the project, as infrastructure
providers, right?

Greetings,

Reply to:

Prev by Date: Re: A concrete proposal for rolling implementation
Next by Date: Re: PPAs for Debian
Previous by thread: Re: PPAs for Debian
Next by thread: Re: Multiarch, policy and cross-compiler libraries for non-Debian architectures
Index(es):
- Date
- Thread