Re: FTP Team -- call for volunteers

To: debian-devel@lists.debian.org
Subject: Re: FTP Team -- call for volunteers
From: "Theodore Y. Ts'o" <tytso@mit.edu>
Date: Wed, 18 Mar 2020 12:25:24 -0400
Message-id: <[🔎] 20200318162524.GA1041582@mit.edu>
In-reply-to: <[🔎] 20200315195206.GQ3296@lancashire.halon.org.uk>
References: <871rpu3c60.fsf@iris.silentflame.com> <[🔎] 20200314223746.GA757657@fama> <[🔎] 1952500.KqJ7C3V18i@l5580> <[🔎] 20200315041021.GA1635@angband.pl> <[🔎] 20200315065543.2e304bad@toast> <[🔎] 1e7d0009-f1f6-2d76-ef0a-6eb00e68c6e3@debian.org> <[🔎] 20200315172546.GA722791@mit.edu> <[🔎] CAOOnQAcWndR67MtM8AfXVs7wnRe7+JF5oRd43GPJR2VXTv1sbQ@mail.gmail.com> <[🔎] fd6f2480-2187-8b83-3d27-63259933a270@gmail.com> <[🔎] 20200315195206.GQ3296@lancashire.halon.org.uk>

On Sun, Mar 15, 2020 at 07:52:06PM +0000, Neil McGovern wrote:
> 
> In theory, yes - this would move the liability to the uploader. However,
> there are two issues with this:
> 1) The liability now rests with the uploader. This isn't something that
> has really been done before, and we'd need to make sure that we're
> comfortable with this.

The uploader has *already* distributed the package by uploading it to
ftp.debian.org.  So the uploader already has any (99.99% of the time,
completely non-existent) liability.  If the uploader is using github,
or salsa, they've also *already* distributed it.  And I'll note that
the salsa admins don't be as concerned about potential liability to
Debian compared to the ftp team when a maintainer uploads a package
with a shared library version bump so that there's a new package,
libfoo4 instead of libfoo3.

> 2) We would be very limited in what checks we could actually do on new
> packages. If we look too closely at packages, we stop being a
> distributor, and start being a publisher. I'm not sure that we want to
> move towards just being a distribution platform, rather than actually
> doing QA checks.

I'm confused.  As near as I can tell, we already are looking super
closely at new packages.

						- Ted

Reply to:

Follow-Ups:
- Re: ***UNCHECKED*** Re: FTP Team -- call for volunteers
  - From: Simon Richter <sjr@debian.org>
- Re: FTP Team -- call for volunteers
  - From: Neil McGovern <neilm@debian.org>

References:
- Re: FTP Team -- call for volunteers
  - From: Martin <debacle@debian.org>
- Re: FTP Team -- call for volunteers
  - From: Scott Kitterman <debian@kitterman.com>
- Re: FTP Team -- call for volunteers
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: FTP Team -- call for volunteers
  - From: Michael Lustfield <michael@lustfield.net>
- Re: FTP Team -- call for volunteers
  - From: Simon Richter <sjr@debian.org>
- Re: FTP Team -- call for volunteers
  - From: "Theodore Y. Ts'o" <tytso@mit.edu>
- Re: FTP Team -- call for volunteers
  - From: Salvo Tomaselli <tiposchi@tiscali.it>
- Re: FTP Team -- call for volunteers
  - From: Alexis Murzeau <amubtdx@gmail.com>
- Re: FTP Team -- call for volunteers
  - From: Neil McGovern <neilm@debian.org>

Prev by Date: Mass bug filing: dependencies on dbus-glib
Next by Date: Re: RFC: Replacing vim-tiny with nano in essential packages
Previous by thread: Re: FTP Team -- call for volunteers
Next by thread: Re: ***UNCHECKED*** Re: FTP Team -- call for volunteers
Index(es):
- Date
- Thread