On Wed, Oct 28, 2009 at 07:12:15AM +0100, Stefano Zacchiroli wrote: > On Mon, Oct 26, 2009 at 02:29:47PM -0500, Adam Majer wrote: > > Or here's a radical idea - allow source only uploads of packages. > > He, radical, but not new :) It has been discussed to death various > times. The most likely (and IMO better) alternative to that is uploading > binaries but trowing them away for autobuilding. If you hold your breath > just a bit more, it might be happening soonish [1,2]. And thanks to the > FTP masters for their work on this!
It is *one* way of making sure the archive is consistent. But the idea behind source-only is to remove the necessity of uploading giant binaries if they are to be tossed anyway. For example, OpenOffice revisions, or Linux kernel revisions, or even Qt revisions. The bottom line is trust. You trust developers to take care of packages, more or less. You trust developers NOT to insert any malicious code (be it DD or upstreams). You trust developers to actually use the packages they upload, at least from time to time, so they know how to respond to bugs. But you do not trust developers to actually compile the package in the first place? That seems a little out of place. Now as to address some flabbergasted responses I've received to my original post, it was merely an illustration how this stuff actually *works*. There is a lot of dirt that gets swept underneath the rug, so to speak. Just look at any large package's bug reports. You'll notice the HUGE amount of bugs that are not closed and not followed. And regarding build-dependencies, why people tend to keep adding and adding build depends and rarely remove stuff that is not needed anymore? No need to answer. - Adam -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
