[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [GR] DD should be allowed to perform binary-only uploads

On Sat, Feb 10, 2007 at 12:02:57AM +0000, Stephen Gran wrote:
> This one time, at band camp, Pierre Habouzit said:
> > 
> >   I also addressed that part in my mail. The arguments I've read against
> > "rogue" buildds are threefold:
> >   * security (I _really_ think it's nonsense, as it's not less secure
> >     than the usual DD's uploads, which I tried to prove) ;
> > 
> >   [0] in fact I'd even say that if it's done at the "industrial" scale,
> >       there is a lot of chances the person doing it has built an
> >       automatized system based on sbuild or another very used system
> >       anyway.
> I see that someone else has mentioned reproducibility, so we can leave
> that part of the argument there.

  Such an argument is pro source-only uploads if I'm not mistaken ;)

> One thing that strikes me is that in all of the emails so far,
> everyone is ignoring that this whole thing started because Aurelien
> decided to start autobuilding packages in qemu.

  That's not what justified the alpha problem afaict, was it ?

> I agree that the way the restriction was implemented was odd, but I can
> see the point of it.  I doubt that the occasional one off binNMU is
> going to have very much affect on the quality of the archive overall,
> but I do have serious misgivings about people setting up rogue
> autobuilders on a whim.

  Well, now is the point where the discussion will go about buildd's
admin reliability I suppose ...  Btw, I wonder, why rebuilds, putting
packages in dep-wait and any other repetitive tasks need _the_ buildd
admin to be done ? Why can't any maintainer do that with a proper signed
mail ?  _that_ would save a lot of burden wouldn't it ? Especially since
I'm told that the interaction with the buildd's is already mail
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgpu9hhn25XVg.pgp
Description: PGP signature

Reply to: