On Sun, Mar 15, 2020 at 06:55:43AM -0500, Michael Lustfield wrote:
> > > > > (packages in NEW must not be downloaded from ftp-master.d.o to your
> > > > > local machine)
> > > > Just curious: Why is that the case?
> > > Out of an abundance of caution. Until after the package has been reviewed,
> > > there's no knowing if it's distributable and downloading a package from
> > > ftp-master.d.o to another machine outside debian.org is a distribution.
> > [...]
> > This "abundance of caution" rule is utterly obsolete this millennium. It
> > made some sense when distributing software was done by snail-mailing a
> > floppy or a stack of them.
>
> My knee-jerk response is to agree. There is a lock which also applies to
> reviewing a package. This means only one person can be looking at it at a time.
> We often just open a github/gitlab/etc. page if multiple people need to discuss
> the package (usually team member asking a trainee something). The content has
> already been distributed. Why should this be any different from mentors.d.n,
> where such practice is required?
>
> The problem is that this server is *the* distribution point for the Debian
> archive. This feels like a weird gray area that shouldn't be messed around with.
>
> Personally, I was shocked when I found out we do review on the same server that
> hosts the archive. I would have expected a separate server for review.
+1, though talk is cheap :)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C