Re: Discarding uploaded binary packages
* Chow Loong Jin <firstname.lastname@example.org> [121020 18:10]:
> The only argument I have seen for binary uploads is to ensure that DDs have
> built the package prior to uploading it. But as someone else pointed out earlier
> in the thread, we seem to be trusting DDs a lot in other aspects, so why not
> trust that they test-build packages prior to uploading them as well?
Because trusting someone in one thing is not the same as trusting
someone in another. Trust works best when there is accountablity.
Having the binary file around, even if it is not easily accessible
on some remote archive, noone can claim "I tested this, it just did
work here, something must be different on the buildds" and hope to
get away with it.
Given that source only uploads where tried in another project and
the results are scary, this accountability might make the difference
to make it work.
And to also name another argument: having the files actually uploaded
means it is easy to add additional checks. (Like starting with making
sure the list of files does not differ between the two versions, or
some check to see only versions of generated dependencies differ but
not the packages depended and so on).
Bernhard R. Link