On Mon, May 15, 2017 at 07:53:59PM +0800, Paul Wise wrote: > On Mon, May 15, 2017 at 7:48 PM, Antonio Terceiro wrote: > > > This is a common misconception. DSA does *not* require that the service > > is packaged. On the contrary, they say it's better if the service is > > *not* from a package because this way the service admin does not need to > > have root access on the machine where the service is hosted. > > Uhhh, I think that misrepresents DSA's position. For most things that > might run on a future Alioth replacement, we would definitely want > them packaged properly.
Right. IIRC that was said to me at Debconf16 about Debian-specific services (such as ci.debian.net which was the context of my question). It makes sense to prefer packages for something that has a proper upstream that is not us, which is the case in this discussion. In any case, it would be super useful to have this explicitly documented at the DSA website.
signature.asc
Description: PGP signature
