Paul, On Mon, 2011-07-04 at 11:36 +0100, Paul Wise wrote: > On Mon, Jul 4, 2011 at 11:27 AM, Kilian Krause <kilian@debian.org> wrote: > > > That exactly was my idea too. To ship a source that is known and can be > > predicted regarding changes. If a security upload would be required but > > autoconf generates a broken configure due to some circumstances that > > couldn't be predicted at time the package was uploaded to unstable this > > is bad and will cause more time to be spent than what would actually be > > required for *only* fixing the bug. > > Which is why we should rebuild from source as often as possible to > catch those issues. Seconded. > > In other words I did say: generate whatever dh-autoconf would get you > > dynamically, test it, put it together as a patch and ship that patch > > statically for everyone to read what exactly the change is instead of > > hushing it up inside a large set of deep magic (that in my experience > > may or may not work based on "random" circumstances - depending on the > > upstream sources). > > That sounds like something that goes against the spirit of our social > contract, specifically "We will not hide problems". By shipping a > pre-built build system you are papering over any autotools bugs; those > should be known and fixed instead. I would say there's a difference between "hiding a problem" and calling for one. But as already explained, maybe the situation has improved and things go smoothly now. I'll be looking into this once time permitting. -- Best regards, Kilian
Attachment:
signature.asc
Description: This is a digitally signed message part