
Re: PPAs for Debian

Stefano Zacchiroli wrote [Sat, Apr 30, 2011 at 12:56:15PM +0200]:
> > I think it would make quite sense to get something like e.g. ppa done for
> > Debian. But that's something else than it's proposed here.
> Yes, absolutely. I'd even dare to say that having something like PPA for
> Debian is a priority. It would be yet another way to enable people to
> experiment with big changes in Debian, showing their value, with minimum
> impact on the work of others.

Fully agree here.

> It happens that I've a recent update on this topic to share. There were
> some concerns about the need of something like a NEW queue for Debian's
> PPA, for legal reasons. I had a long phone call with SPI lawyer about
> this just yesterday. It turns out that there are a few provisions we
> should follow to stay on the safe side, but there is no specific blocker
> either. We can go ahead, individual maintainers will be responsible for
> what they upload / distribute via PPA.

Here I think we would be facing two different use cases, which impose
very different results:

• A PPA-like can be used by a Debian-related person (DD/DM/Dwhatever),
  and we trust the credentials they have already presented as personal
  identification (so what you stated can be held)

• But at least AFAICT, Canonical's PPAs allow also non-Ubuntu-related
  people to maintain their own repositories. That's a great way for
  them to start getting acquainted with the technical processes and get
  closer to becoming officially affiliated. I have also seen it as a
  common distribution channel for independent projects.

The second use case might be what I feel as most attractive - Yes, I
maintain a couple of personal apt repos with things not really
suitable for Debian, some of which I could move to a PPA were it
available, but a non-Debianer might find it harder (and less
motivating) to learn the details of setting up his repo.

But we should then look into how we can ensure personal identification
- Would we keep the key reachability requirement? I think it's the
least we could do. If contributors cannot be identified, then I guess
responsibility would fall upon the project, as infrastructure
providers, right?

