Re: Facilitating external repositories

[Paul Wise <pabs@debian.org>]

On Sat, Jun 6, 2015 at 8:13 AM, Brian May wrote:

> the software is far to volatile (e.g. important bug fixes on a weekly basis)

We have a place for such software: experimental

> I don't want old versions hanging around any longer then absolutely required

We have a place for such software: experimental

>. It is also a very narrow market, possibly not of
> general interest to the Debian community (this is hard to determine however;
> maybe what this needs right now is expanded exposure).

We have a lot of obscure software in Debian already, the size of the
audience shouldn't matter.

> There was also the (slightly confusing) perception in management that they
> had to tightly control ownership and distribution, despite it being open
> source GPL software, available on github, etc.

We probably shouldn't distribute it if upstream doesn't want us to though.

> I note the original poster mentioned Ubuntu PPAs and add-apt-repository; my
> understanding is that these don't solve the trust issue, I seem to recall
> the user is shown a fingerprint and asked to confirm it is correct (based on
> what???) - however I don't have an Ubuntu box I can test this on right now.

I would guess based on the OpenPGP web of trust or the user's trust in
their OS that trusts the SSL CA that signed the Launchpad certs.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
http://bonedaddy.net/pabs3/
http://wiki.openmoko.org/wiki/User:PaulWise