On Tue, 2020-04-14 at 13:12 +0200, Wouter Verhelst wrote:
> On Sun, Apr 12, 2020 at 09:11:57PM +0200, Ole Streicher wrote:
[...]
> > One could expect from maintainers that they check their packages for
> > compliance regularly and that they document that.
>
> Perhaps, but it is *also* documented that an upload just to bump the
> Standards-Version is severely frowned upon. If there is no other reason
> to upload in 7 years, then the Standards-Version will not be updated,
> and that is perfectly fine.
[...]
If a package hasn't been uploaded for 7 years, then:
* At least some of its binary packages were probably built by the
uploader, not on a buildd
* If it's written in C or C++, it hasn't been built with all the
current hardening options that should be used
* Its binary packages probably aren't repoducible
* It may not build correctly with the current build tools (failure to
build at all would usually be caught and reported, though)
I think we should be rebuilding everything at least once per release
cycle, so we don't have a nasty surprise when these "mature" packages
need bug fixes.
Ben.
--
Ben Hutchings
Everything should be made as simple as possible, but not simpler.
- Albert Einstein
Attachment:
signature.asc
Description: This is a digitally signed message part