Re: trends.debian.net updated

On Tue, 2020-04-14 at 13:12 +0200, Wouter Verhelst wrote:
> On Sun, Apr 12, 2020 at 09:11:57PM +0200, Ole Streicher wrote:
> > One could expect from maintainers that they check their packages for
> > compliance regularly and that they document that.
> Perhaps, but it is *also* documented that an upload just to bump the
> Standards-Version is severely frowned upon. If there is no other reason
> to upload in 7 years, then the Standards-Version will not be updated,
> and that is perfectly fine.

If a package hasn't been uploaded for 7 years, then:

* At least some of its binary packages were probably built by the
  uploader, not on a buildd
* If it's written in C or C++, it hasn't been built with all the
  current hardening options that should be used
* Its binary packages probably aren't reproducible
* It may not build correctly with the current build tools (failure to
  build at all would usually be caught and reported, though)

I think we should be rebuilding everything at least once per release
cycle, so we don't have a nasty surprise when these "mature" packages
need bug fixes.


Ben Hutchings
Everything should be made as simple as possible, but not simpler.
                                                      - Albert Einstein

