Re: discuss debian 's attitude to ppa

To: debian-user@lists.debian.org
Subject: Re: discuss debian 's attitude to ppa
From: Petter Adsen <petter@synth.no>
Date: Sat, 23 May 2015 11:06:57 +0200
Message-id: <[🔎] 20150523110657.1ba4a1df@monster>
In-reply-to: <[🔎] BLU436-SMTP226FFC9680D09CCF2EB18F4BCCF0@phx.gbl>
References: <[🔎] BLU436-SMTP118A0427F8D8E427D3C4CEEBCCF0@phx.gbl> <[🔎] 55602015.3030809@eumx.net> <[🔎] BLU436-SMTP1673C3DC5C236CF3F042690BCCF0@phx.gbl> <[🔎] 20150523092855.36d02c7c@monster> <[🔎] BLU436-SMTP226FFC9680D09CCF2EB18F4BCCF0@phx.gbl>

On Sat, 23 May 2015 16:28:19 +0800
mudongliang <mudongliangabcd@hotmail.com> wrote:

> On 05/23/2015 03:28 PM, Petter Adsen wrote:
> > The major problem with using a ppa is that the software has not been
> > vetted by the Debian project. It could contain malware or other
> > security problems, and the maintainer of the ppa can suddenly
> > decide to drop support of it, leaving you with a package that does
> > not receive updates.
> >
> > You need to consider whether you trust the person running the ppa to
> > not introduce weaknesses to your system. With the Debian
> > repositories, there is a system in place to handle all of this.
> > Adding a foreign repository _can_ make you vulnerable. You just
> > don't know.
> I think Debian is a distribution which focuses security and stablity.
> So maybe it should help these interesting ,useful,meaning project
> import into Debian project!

If you want to get the package adopted by Debian, there is nothing to
stop you from offering to maintain it yourself. Somebody needs to take
on the responsibility of building the package for Debian, and provide
updates and fixes.

In the Debian community, this happens within a framework. Everyone is
free to contribute and suggest packages for adoption, but it is still
dependent on someone actually taking responsibility for the package in
question. I have no idea what the package you are talking about is, but
if there is a significant need for it, I suggest you go through the
appropriate channels to have it adopted. There is probably information
on how to do this on the wiki, I'm just too lazy to check.

(OK, I checked ;)

Read this:

https://www.debian.org/doc/manuals/maint-guide/index.en.html

That is a guide on building/maintaining Debian packages. You should also
take a look at:

https://www.debian.org/doc/debian-policy/ch-binary.html

And read this if you want the package to actually be adopted:

https://wiki.debian.org/SponsorChecklist

If there are other things you need to know about, I hope someone else
will speak up, as I know little about this.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."

Attachment: pgp6ouFaxjcBD.pgp
Description: OpenPGP digital signature

Reply to:

References:
- discuss debian 's attitude to ppa
  - From: mudongliang <mudongliangabcd@hotmail.com>
- Re: discuss debian 's attitude to ppa
  - From: Dalios <dalios@eumx.net>
- Re: discuss debian 's attitude to ppa
  - From: mudongliang <mudongliangabcd@hotmail.com>
- Re: discuss debian 's attitude to ppa
  - From: Petter Adsen <petter@synth.no>
- Re: discuss debian 's attitude to ppa
  - From: mudongliang <mudongliangabcd@hotmail.com>

Prev by Date: Re: discuss debian 's attitude to ppa
Next by Date: Re: Problems getting started with QtQuick and QtCreator
Previous by thread: Re: discuss debian 's attitude to ppa
Next by thread: Re: discuss debian 's attitude to ppa
Index(es):
- Date
- Thread