[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Facilitating external repositories

Hi Bálint,

On Fri, Jun 12, 2015 at 11:19:30AM +0200, Bálint Réczey wrote:
> Hi Wouter,
> 2015-06-12 0:59 GMT+02:00 Wouter Verhelst <wouter@debian.org>:
> >
> > - I don't want to have to deal with doing a maven build in a Debian
> >   package. If you see what the packages' debian/rules do, ou'll see that
> >   we cheat for eid-viewer.
> This does not sound like building a binary we could trust.

It isn't appropriate for inclusion in Debian, that much I agree with. It
should be trustworthy, though.

> > - The packages exist mostly to support cards that have a limited
> >   validity. When they're no longer valid, you return the old one and get
> >   a new one. Sometimes, it happens that the newer cards have a bug, or
> >   have a new feature, or some such, which means that the old version of
> >   the software doesn't really work anymore, and you need a new one.
> >   Having older versions in the archive for years after they stop working
> >   turned out to be a support nightmare for upstream.
> I think with wheezy-backports the situation improved a lot. The application
> could check if *-backports is enabled and warn the user if it is not. You could
> keep updated versions in *-backports, thus avoiding the nightmare.

This is true, to some extent, but it does not solve all my problems.

We also support Ubuntu and Linux Mint, not to speak of the set of
RPM-based distributions for which there are packages.

For the latter, it is usually possible to supply a link to a ".repo"
file; for all of those distributions, tools exist to automagically
configure the system so that the repository is enabled and the gpg key
is added as a trusted key (after appropriate confirmation from the

The same is not true for Debian, and I think this should be the case.
I believe the answer to "how do I make a proper third-party repository"
should *not* be "don't".

What I'm trying to fix here is not something that will help me in the
short term; indeed, due to the remaining length of the contract and the
average length of a Debian release cycle, it is even possible that this
won't help me anymore but will only be useful for whoever it is that
will succeed me.

I could start uploading to backports today, and create a PPA for ubuntu,
and continue to maintain third-party repositories for fedora, centos,
and opensuse. But that would mean I have to upload packages to three
different places. It would also mean that the workflow for providing the
results of my continuous integration builds would be significantly
different from the results of the "regular" builds. This would all be

To clarify: the reason that I mailed to -devel was not "please help me
fix my problem"; instead, I did so because I believe there is a gap in
our current support for third-party repositories, and because I believe
this is a problem that needs fixing. Taking away my personal need for
maintaining third-party repositories, while interesting in and of
itself, does not actually do that; the gap would still exist for other

Taking away the need for third-party repositories in the first place
*would* help fix that, yes. By creating PPA's, improving backports
support, and other similar things, it is true that the need for
third-party repositories will diminish; but I don't think it will ever
go away completely, and so it makes sense to improve support for such


It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

Attachment: signature.asc
Description: Digital signature

Reply to: