[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BREAKING NEWS: Debian developers aren't trusted

On Wed, Feb 14, 2007 at 09:15:17PM +1000, Anthony Towns wrote:
> On Wed, Feb 14, 2007 at 07:12:31PM +1100, Hamish Moffatt wrote:
> > Then you don't see any conflict of interest between the arm buildd admin
> > and the ftp-master?
> 
> No, I don't. I don't see any conflict of interest in being a package
> maintainer and an ftp-master, either.

Do you think an ftp-master should admit his own packages through NEW
processing, hypothetically?

> > The fact that Aurelien's buildd was running on qemu seems to be beside
> > the point (and wouldn't even be detectable if he hadn't blogged about
> > it); it's the fact that he was running a "rogue" buildd.
> 
> Uh, no. That it's run under qemu introduces a significant risk that
> the builds may be unreproducible or unusable on real systems (this
> risk deferred the use of an emulator for autobuilding m68k until it was
> decided it wouldn't make the etch release, eg). Personally, I think that

Fine, I agree that this was not a decision that one maintainer should
make unilaterally. I don't think that another project member
unilaterally banning it without discussion is right either. How about a
polite request to stop while the issue can be discussed and a consensus
formed?

> There are additional problems with running a rogue autobuilder, such as
> unavailability of build logs, unreproducibility of builds, and unusability
> of the builds by the security team. Aurelian's buildds had the additional
> problem that they'd repeatedly rebuild packages they'd already uploaded,
> which isn't really useful. There's a potential issue wrt whether the
> build environment is secure as well, but I'm not familiar enough with
> that on any level to comment in any detail. All these could be solved
> by someone committed to making sure they do at least as good a job as
> the regular buildd network though.

Aren't most of these problems (rebuilding packages unnecessarily and
unavailability of logs) due to the difficulting getting new buildds
added to the regular network? Are there technical reasons why we can't
add new buildds more freely, or only political/social reasons?

> > I mean, how dare he try to help the project in this way.
> 
> There's nothing wrong with trying to help the project, the problem is
> when you don't give a damn about the problems your attempts cause. Having

Yes, many parties involved in this issue are guilty of this.

> a debate on the lists or running a GR doesn't help show qemu builds are
> workable, and doesn't help your build system provide the features the
> existing build network does that other developers rely on. I find it
> pretty hard to see this as "trying to help the project", rather than
> "trying to win your rather pointless fight with the buildd admins".

Indeed perhaps it was, so I'd very much like to get answers to my
question above. 

Thanks in advance,

Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>
Reply to: