[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

+1 (Re: FTP Team -- call for volunteers)

On Sun, Mar 15, 2020 at 06:55:43AM -0500, Michael Lustfield wrote:
> > > > >     (packages in NEW must not be downloaded from ftp-master.d.o to your
> > > > >     local machine)  
> > > > Just curious: Why is that the case?  
> > > Out of an abundance of caution.  Until after the package has been reviewed, 
> > > there's no knowing if it's distributable and downloading a package from ftp-
> > > master.d.o to another machine outside debian.org is a distrubution.  
> > [...]
> > This "abundance of caution" rule is utterly obsolete this millenium.  It
> > made some sense when distributing software was done by snail-mailing a
> > floppy or a stack of them.
> My knee-jerk response is to agree. There is a lock which also applies to
> reviewing a package. This means only one person can be looking at it at a time.
> We often just open a github/gitlab/etc. page if multiple people need to discuss
> the package (usually team member asking a trainee something). The content has
> already been distributed. Why should this be any different from mentors.d.n,
> where such practice is required?
> The problem is that this server is *the* distribution point for the Debian
> archive. This feels like a weird gray area that shouldn't be messed around with.
> Personally, I was shocked when I found out we do review on the same server that
> hosts the archive. I would have expected a separate server for review. 

+1, though talk is cheap :)


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature

Reply to: