On Thursday, March 19, 2020 10:31:55 AM EDT Luca Filipozzi wrote: > On Thu, Mar 19, 2020 at 11:42:39AM +0000, Neil McGovern wrote: > > On Wed, Mar 18, 2020 at 12:25:24PM -0400, Theodore Y. Ts'o wrote: > > > > 2) We would be very limited in what checks we could actually do on new > > > > packages. If we look too closely at packages, we stop being a > > > > distributor, and start being a publisher. I'm not sure that we want to > > > > move towards just being a distribution platform, rather than actually > > > > doing QA checks. > > > > > > I'm confused. As near as I can tell, we already are looking super > > > closely at new packages. > > > > Yes, and there's the problem. To move from a situation where we try and > > say "we're a distributor, not a publisher", then we would need to stop > > doing some of those checks, or at least work out a way of automating > > them. > > [snip very useful explanation - thanks for that, Neil!] > > > So, to ease the burden on ftp-masters by trying to say that > > > > > the responsibility of the right to redistribute of the uploaded > > > software be moved on the uploader instead > > > > as suggested by Alexis, means we need to be very careful about /not/ > > looking too closely at what we put out. > > Isn't part of Debian's charm the quality that we attempt to bring to the > packages that we publish? > > How does our coorindation for things like py2->py3 impact our position > as publisher vs distributor? I think it's an essential element of the value proposition that Debian brings to the table. We're an integrator that is working to deliver a coherent set of capabilities in a release. If we aren't going to do that, we may as well dump all the (for example) Python packages and tell people to use pypi (CPAN, pick your language specific publishing mechanism). Scott K
Description: This is a digitally signed message part.