On Tue, Nov 10, 2009 at 10:17:05PM -0600, Adam Majer wrote:
> It is *one* way of making sure the archive is consistent. But the idea
> behind source-only is to remove the necessity of uploading giant
> binaries if they are to be tossed anyway. For example, OpenOffice
> revisions, or Linux kernel revisions, or even  Qt revisions.
> 
> The bottom line is trust. You trust developers to take
> care of packages, more or less. You trust developers NOT to insert any
> malicious code (be it DD or upstreams). You trust developers to
> actually use the packages they upload, at least from time to time, so
> they know how to respond to bugs. But you do not trust developers to
> actually compile the package in the first place? That seems a little
> out of place.

These are nice principles, but reality can be different.

Have you ever did some archive-wide QA activity? If you did, you've
surely noticed that more often than one can imagine, trust _seems_ to be
misplaced (by only technical means, we cannot say _why_ it happens
though, sometimes it can be real negligence, some other normal
mistakes).

At that point, it is all a matter of trade-offs, you can have full trust
and still have some convenience mechanisms that balance the most
dangerous cases. For instance, you can have the default way of uploading
that "forces" you to upload binaries and a technical more tricky way
that enables you to do source-only uploads.

Personally, I think that the extreme trade-off of making source upload
the default (which seems to be what you are arguing for) would be too
risky in term of degraded package quality. Look for the "FTBFS" string
in the current RC bug list, do you think the number of occurrences we
have now would decrease implementing such a proposal?

Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime

Attachment: signature.asc
Description: Digital signature

Reply via email to