On Tue, Nov 10, 2009 at 10:17:05PM -0600, Adam Majer wrote: > It is *one* way of making sure the archive is consistent. But the idea > behind source-only is to remove the necessity of uploading giant > binaries if they are to be tossed anyway. For example, OpenOffice > revisions, or Linux kernel revisions, or even Qt revisions. > > The bottom line is trust. You trust developers to take > care of packages, more or less. You trust developers NOT to insert any > malicious code (be it DD or upstreams). You trust developers to > actually use the packages they upload, at least from time to time, so > they know how to respond to bugs. But you do not trust developers to > actually compile the package in the first place? That seems a little > out of place.
These are nice principles, but reality can be different. Have you ever did some archive-wide QA activity? If you did, you've surely noticed that more often than one can imagine, trust _seems_ to be misplaced (by only technical means, we cannot say _why_ it happens though, sometimes it can be real negligence, some other normal mistakes). At that point, it is all a matter of trade-offs, you can have full trust and still have some convenience mechanisms that balance the most dangerous cases. For instance, you can have the default way of uploading that "forces" you to upload binaries and a technical more tricky way that enables you to do source-only uploads. Personally, I think that the extreme trade-off of making source upload the default (which seems to be what you are arguing for) would be too risky in term of degraded package quality. Look for the "FTBFS" string in the current RC bug list, do you think the number of occurrences we have now would decrease implementing such a proposal? Cheers. -- Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7 z...@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/ Dietro un grande uomo c'è ..| . |. Et ne m'en veux pas si je te tutoie sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime
signature.asc
Description: Digital signature