[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BREAKING NEWS: Debian developers aren't trusted

On Wed, Feb 14, 2007 at 11:16:56PM +1100, Hamish Moffatt wrote:
> > There are additional problems with running a rogue autobuilder, such as
> > unavailability of build logs, unreproducibility of builds, and unusability
> > of the builds by the security team. Aurelian's buildds had the additional
> > problem that they'd repeatedly rebuild packages they'd already uploaded,
> > which isn't really useful. There's a potential issue wrt whether the
> > build environment is secure as well, but I'm not familiar enough with
> > that on any level to comment in any detail. All these could be solved
> > by someone committed to making sure they do at least as good a job as
> > the regular buildd network though.

> Aren't most of these problems (rebuilding packages unnecessarily and
> unavailability of logs) due to the difficulting getting new buildds
> added to the regular network? Are there technical reasons why we can't
> add new buildds more freely, or only political/social reasons?

Technical reasons: there are various problems that arise on buildds, not
because of poor maintenance practices but because of the fallibility of
hardware and networks and all that jazz, that have an impact on the
performance of the architecture as a whole wrt keeping up with the archive.
As a result, the effort for managing autobuilders for an architecture scales
on the order of O(n log n) for the number of buildds, i.e., there
is a penalty for running buildds we don't need.  Not that you'd know it by
reading the Debian lists, but developer time is actually a scarce commodity,
and we should be wary of squandering it, would you agree?

Even if you find volunteers who think this is a good use of their time and
want to help defray the maintenance costs by acting as co-admins, you then
have increased coordination overhead as well.

Obviously for buildds we /need/, these are costs we have to bear; why would
we want to do that when we /don't/ need more buildds?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Reply to: