[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#90511: proposal] disallow multi-distribution uploads



On Thu, Mar 22, 2001 at 07:31:18AM +1100, Herbert Xu wrote:
> On Wed, Mar 21, 2001 at 10:37:56AM -0500, Ben Collins wrote:
> > Remember that the majority of uploads to stable are done by the security
> > team and the buildd's. I don't think this is a lot of effort for the
> > maintainers, since it isn't done often enough to be cumbersome, like it
> > would have been for "frozen unstable" uploads.
> 
> Well this hasn't been the case in my experience.  Most of the security
> problems that has occured in my packages resulted in uploads by myself, not
> the security team.
> 
> > Think of a base system. If things are allowed to continue this way, it
> > means the base system will be comprised of a lot of different versions
> > of the same library. That makes a base install larger
> 
> This is a different issue.  Besides, you won't solve it by gettint people
> to do different uploads since they can compile both on stable (some
> developers only run stable machines immediately after a release).  What you
> need to here is to file bug reports against packages that compile against
> obsolete sonames.
> 
> > This isn't about keeping old libraries around. For one, people can
> > always get it from the old dist, or they will just keep it installed and
> > not remove it. This is about the libraries required by Debian packages
> > themselves. New uploads should always strive to be built agains the
> > latest packages, to reduce the dependency chain in the dist, and
> > increase integrity of the compile base.
> 
> But you won't solve the soname problem by doing this since uploading to
> unstable doesn't mean that the package was actually compiled on unstable.
> Personally bug reports have been just fine in solving this problem.
> 
> And as I said in my previous message, for libraries with the soname
> (like glibc), you do want to test it against old -dev packages to ensure
> binary compatibility.

None of these arguments says that allowing simultaneous stable/unstable
uploads has any technical merit. Disallowing it does not solve the problems
altogether, but it does raise awareness, and forbids explicitly allowing
the problems.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'



Reply to: