Re: Source only upload
On 7/14/20 4:21 PM, Paul Wise wrote:
> On Tue, Jul 14, 2020 at 1:56 PM Michael Meskes wrote:
>
>> I just fell into the trap (again) and uploaded a binary package instead of
>> sources only. We don't want the binaries to be uploaded, that much I get, but
>> could anyone please explain to me, why we still accept binary uploads and why
>> no tool in the whole chain gives as much as a warning, let alone is configured
>> to do the right thing?
>
> Looks like the following bugs aren't yet filed:
>
> sbuild/pbuilder: default to --source-only-changes
> dput/dput-ng/dupload: default to _source.changes except for NEW or
> when the _source.changes file is missing/invalid.
>
> Making dak discard binaries in NEW sourceful uploads is in progress:
>
> https://lists.debian.org/msgid-search/27641434-e45a-404f-254f-daea899164a8@debian.org
>
> Personally, I think we should discard binaries from all sourceful
> uploads and only accept binaries from binary-only uploads such as the
> uploads done by the buildds.
Better: we must mandate binary uploads, rebuild them, and make sure they
are reproducible. Then get the buildd upload the binary they build (or
the one from the uploader, since that's the same thing...).
When the package isn't reproducible: reject the package and provide a
link to diffoscope. :)
Cheers,
Thomas Goirand (zigo)
P.S: Just my 2 cents, since I don't have time to implement any of this
myself ...
Reply to: