Re: FTP Team -- call for volunteers
On Sun, 15 Mar 2020 05:10:21 +0100
Adam Borowski <email@example.com> wrote:
> On Sat, Mar 14, 2020 at 08:04:01PM -0400, Scott Kitterman wrote:
> > On Saturday, March 14, 2020 6:37:46 PM EDT Martin wrote:
> > > On 2020-03-14 13:37, Sean Whitton wrote:
> > > > (packages in NEW must not be downloaded from ftp-master.d.o to your
> > > > local machine)
> > > Just curious: Why is that the case?
> > Out of an abundance of caution. Until after the package has been reviewed,
> > there's no knowing if it's distributable and downloading a package from
> > ftp-master.d.o to another machine outside debian.org is a distribution.
> This "abundance of caution" rule is utterly obsolete this millennium. It
> made some sense when distributing software was done by snail-mailing a
> floppy or a stack of them.
My knee-jerk response is to agree. There is a lock which also applies to
reviewing a package. This means only one person can be looking at it at a time.
We often just open a github/gitlab/etc. page if multiple people need to discuss
the package (usually team member asking a trainee something). The content has
already been distributed. Why should this be any different from mentors.d.n,
where such practice is required?
The problem is that this server is *the* distribution point for the Debian
archive. This feels like a weird gray area that shouldn't be messed around with.
Personally, I was shocked when I found out we do review on the same server that
hosts the archive. I would have expected a separate server for review. However,
my expectation comes from younger environments, where CD/CI and extensive code
review processes are expected. When I try to picture how the current system
evolved (more evident as you dig into dak source...), it makes sense.
Making a new server to push reviews to would remove that gray area, since it
would effectively be identical to mentors.d.n; especially considering how
easily one could upload to ftp-master instead of mentors... (guilty)
Something like this would take a pretty deep dive into dak, and a new server,
and all the goodies that would go along with such a transition.
Unfortunately, from my view, such a change would be nearly impossible. I can't
even get documentation fixes merged into dak or even reviewed. I don't imagine
such a large change would ever get accepted.
If we could even just do something like an NDA, saying we will definitely
destroy everything we download, we'd at least be able to write our own review