Re: [GR] DD should be allowed to perform binary-only uploads
On Fri, Feb 09, 2007 at 01:52:20PM +0100, Reinhard Tartler wrote:
> Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr> writes:
> > The Debian project resolves that Debian developers allowed to perform
> > combined source and binary packages uploads should be allowed to perform
> > binary-only packages uploads for the same set of architectures.
> The use case I imagine at this point is that a maintainer uploads a
> library package src+bin (e.g. src+amd64) for his private arch, and after
> weeks he notices, that it still has not been built on e.g. sparc yet. So
> he decides to start his spare Ultra 1 workstation, builds the package in
> his custom environment and uploads it.
This seems legitimate to me. What's not legitimate is creating
an unofficial/untrastable buildd network with the same purpose to
manage those things automatically without or with minimal human
intervention and also usable by third parties.
We have an official network and we need to ensure it has possibly a 99% uptime.
Giving the possibility to manage an unknown number of alternative networks
which run whenever one likes and with unknown access policies is not a good
approach. The security implications of those practices should be evident to anyone.
But maybe I'm optimist...
Francesco P. Lovergine