Re: Legal advice regarding the NEW queue
On Saturday 05 February 2022 at 15:07 +0000, Andrew M.A. Cater wrote:
> There's a huge amount of software that's undistributable: Debian's
> good faith attempt to review this is one of the crucial arguments I
> have with $DAYJOB about the benefits of a curated distribution,
> however fallible we may be.
That is a strong point and a main difference in quality with other
distributions.
> I think we should use automated tools where available, query with
> upstream where practicable, and continue doing what we're doing as
> far as possible, in my humble opinion.
I would see the screening like this:
- only source uploads are allowed (NEW and all);
- automatic building of binary packages;
- automatic tools try to find problems (licensing and all);
- as a last step, human checks for license issues in NEW and randomly
on existing packages. At least if they have seen updates since their
NEW review -- I'm wondering how many packages are a one-time shot?
> Reproducible builds and DEP-5 / SPDX are also crucial in improving
> everyone's quality - I don't see commercial/enterprise distributions
> doing this valuable public service but I very much value the fact
> that Debian does it, for example.
I would add our network of buildd/porterbox to the list of good things
we can boast about.
Cheers,
J.Puydt