Re: 2 months and no upload for pkg

To: debian-devel@lists.debian.org
Subject: Re: 2 months and no upload for pkg
From: Daniel Pocock <daniel@pocock.pro>
Date: Thu, 04 Sep 2014 12:31:27 +0200
Message-id: <[🔎] 54083F7F.9020300@pocock.pro>
In-reply-to: <[🔎] 21511.14354.468506.754491@chiark.greenend.org.uk>
References: <53EAFE95.10203@riseup.net> <20140813065709.GD29048@mykerinos.kheops.frmug.org> <20140813072057.GA28776@falafel.plessy.net> <21492.38577.255301.431132@chiark.greenend.org.uk> <20140820143917.GA29803@bongo.bofh.it> <53F4DF78.2040104@pocock.pro> <[🔎] 21511.14354.468506.754491@chiark.greenend.org.uk>

On 03/09/14 17:47, Ian Jackson wrote:
> Daniel Pocock writes ("Re: 2 months and no upload for pkg"):
>> It may not simply be the person
>>
>> Somebody uploading packages where they are also the upstream may know
>> the copyright situation inside out and just cut and paste
>> debian/copyright from one package to the next and it is always correct.
>>
>> Somebody ambitious who works on packages they are less familiar with
>> or really monstrous packages may well miss things from time to time
>> and be deterred by such a system.  Then we have less people willing to
>> attack such monstrous packages.
> 
> There is a tradeoff here, between 1. the interests of users and
> developers of the `monstrous' package, and 2. the interests of
> ftpmaster and the users and developers of everything else.

That depends on the extent to which you consider all packages to be
independent of each other or if you believe that a collection of
packages, big and small, is worth more than the sum of the values of
each individual part.

> The costs of such a `monstrous' package should be borne by those who
> are working on it and want to see it in Debian.  It is true that that
> means that such packages are less likely to be in Debian than smaller
> or easier ones.  We should not try to fix that by redirecting core
> team effort to fix big and difficult packages.

I'm certainly not arguing that work on monstrous packages should be
offloaded onto the ftp masters.  I was only thinking about very small
errors, like missing the fact that some particular file has a slightly
different license that is otherwise fully compatible with the license of
the overall package.

There is one package I recently uploaded where I meant to use a
repackaged tarball to get rid of an embedded binary toolchain JAR.  This
is a more nasty mistake of course but thanks to the diligence of the FTP
masters it was spotted.

What is fascinating though is that other developers made exactly the
same mistake with exactly the same source package - uploading it
directly into Ubuntu, binary JARs included[1], before it had passed
through the Debian NEW queue.  In fact the Ubuntu changelog[2] mentions
at least three other developers who also didn't notice the same embedded
JAR in the source.

This also brings up one other concern about a procedure that
deliberately defers processing of some items in the NEW queue: it may
give an advantage to derivative distributions that are cherry-picking
the best things from NEW and appear to be getting them faster than Debian.

1.
https://launchpad.net/ubuntu/+archive/primary/+files/libphonenumber_6.0%2Br655.orig.tar.gz

2. https://launchpad.net/ubuntu/+source/libphonenumber/+changelog

Reply to:

Follow-Ups:
- Re: 2 months and no upload for pkg
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- Re: 2 months and no upload for pkg
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: Possible abuse of dpkg-deb -z9 for xz compressed binary packages
Next by Date: Bug#760462: general: kdm gdm3
Previous by thread: Re: 2 months and no upload for pkg
Next by thread: Re: 2 months and no upload for pkg
Index(es):
- Date
- Thread