Re: LaMont Jones, WTH are you doing?
Thorsten Glaser <tg@debian.org> writes:
> I’ve been seeing this on d-d-changes for a while now. Please explain,
> otherwise I’m going to call for an binNMU (on every binary you uploaded)
> before wheezy is released, since we obviously cannot trust these bina‐
> ries and they’re not exactly leaf packages with < 100 users…
I think it obvious you are overreacting, Thorsten ;)---though it does
look like LaMont may have a small configuration problem, and it is
probably worth bringing to his attention...calmly.
With regards to the "issues" you point out, all are fairly easily
explicable:
First, it doesn't seem unusual for LaMont to build packages for all
architectures he had access to; I would *hope* he would use a clean
build solution, though it certainly wasn't part of policy when I was a
DD---the solutions weren't mature then, either.
The files being in an unusual order is easily explicable: mergechanges
doesn't guarantee a particular order---it depends on the order in which
you specify the .changes files on the command line.
I would further guess that *one* of the machines he built on *is* an
Ubuntu host, but that would be a perfectly legitimate build server
*using a Debian build root*---but if the configuration wasn't scoured
for Ubuntu-ish addresses or the like, you could easily end up with a
package built for Debian but with Ubuntu-droppings in the .changes file.
An oversight, and worth fixing, but hardly evidence that anything is
untrustworthy.
And, of course, all of this is pretty easily verifiable by downloading
the binaries and examining what they depend on---I believe Ubuntu libs
all have 'ubuntu' in their name, no? Examine the actual dependencies.
Really, A simple message pointing out the seeming configuration issues
could have served much more effectively than a screed labeling things
obvious that most definitely are not.
Mike.
Reply to: