Re: PPAs for Debian
- To: Stefano Zacchiroli <firstname.lastname@example.org>
- Cc: email@example.com
- Subject: Re: PPAs for Debian
- From: Gunnar Wolf <firstname.lastname@example.org>
- Date: Wed, 4 May 2011 11:31:32 -0500
- Message-id: <[🔎] 20110504163132.GE15466@gwolf.org>
- In-reply-to: <20110430105615.GA20011@upsilon.cc>
- References: <20110428135228.GB7583@rivendell.home.ouaza.com> <4DB97F2D.email@example.com> <20110428152515.GA26004@xanadu.blop.info> <4DB99028.firstname.lastname@example.org> <20110428171515.GA31112@xanadu.blop.info> <20110429213746.GK15003@mails.so.argh.org> <20110430071955.GE19536@rivendell.home.ouaza.com> <email@example.com> <20110430100724.GQ15003@mails.so.argh.org> <20110430105615.GA20011@upsilon.cc>
Stefano Zacchiroli dijo [Sat, Apr 30, 2011 at 12:56:15PM +0200]:
> > I think it would make quite sense to get something like e.g. ppa done for
> > Debian. But thats something else than it's proposed here.
> Yes, absolutely. I'd even dare to say that having something like PPA for
> Debian is a priority. It would be yet another way to enable people to
> experiment with big changes in Debian, showing their value, with minimum
> impact on the work of others.
Fully agree here.
> It happens that I've a recent update on this topic to share. There were
> some concerns about the need of something like a NEW queue for Debian's
> PPA, for legal reasons. I had a long phone call with SPI lawyer about
> this just yesterday. It turns out that there are a few provisions we
> should follow to stay on the safe side, but there is no specific blocker
> either. We can go ahead, individual maintainers will be responsible of
> what they upload / distribute via PPA.
Here I think we would be facing two different use cases, which impose
very different results:
• A PPA-like can be used by a Debian-related person (DD/DM/Dwhatever),
and we trust the credentials they have already presented as personal
identification (so what you stated can be held)
• But at least AFAICT, Canonical's PPAs allow also non-Ubuntu-related
people to maintain their own repositories. That's a great way for
them to start getting acquinted with the technical processes and get
closer to becoming officialy affiliated. I have also seen it as a
common distribution channel for independent projects.
The second use case might be what I feel as most attractive - Yes, I
maintain a couple of personal apt repos with things not really
suitable for Debian, some of which I could move to a PPA were it
available, but a non-Debianer might find it harder (and less
motivating) to learn the details of setting up his repo.
But we should then look into how we can ensure personal identification
- Would we keep the key reachability requirement? I think it's the
least we could do. If contributors cannot be identified, then I guess
responsability would fall upon the project, as infrastructure