Re: What to do when DD considers policy to be optional? [kubernetes]

[Bernd Zeimetz <bernd@bzed.de>]

On 3/25/20 11:30 PM, Dmitry Smirnov wrote:
> Given that logic even re-compiling using different compiler would not be 
> trustworthy. And indeed some people make exactly that argument -- "use our 
> tested binary" as one can't be sure if re-compiling introduces any bugs.

Indeed I'd expect it that you'd at least compile it using the same
golang version.

> That questions the very usability of source code releases, whether you 
> understand it or not.
> 
> With this and your next arguments you are questioning the very usability of 
> packaging and I might agree that Kubernetes may not be worth packaged, 
> especially if we can't do it properly.


k8s is a way too fast moving target to be able to package it in a sane
way. It will be versions behind already when we release Debian.


>> What you suggest is a nice idea, but hard for go sources and impossible
>> for packages like k8s.
> 
> I don't know how to respond nicely when someone who did not maintain a 
> complex Golang application tells me that the way myself and others maintain 
> packages like docker,io, consul, nomad, vault, syncthing is "impossible"...

Not sure how I should respond nicely, but

A) you have no clue what I do (there is life outside of Debian, you know)

B) there are reasons why people recommend not to use the packaged
versions of docker.io. No opinion on the others, never touched them.



Applying the Debian "library" policy on go code is imho impossible -
there are no sonames, often no proper releases. The way how Debian
packages source code does not fit for go.


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F