Hello Steffen, On Wed, Nov 15 2017, Steffen Möller wrote:
> I would really like to see updates performed in some automated > fashion. Maybe into a different section of Debian like sid-auto? The > problem with that obviously is the missing scrutiny by the human > maintainer, so it cannot go straight into sid. Or can it? Maybe with > an auto-created bug report against the package so it does not > auto-migrate into testing? There is an interesting social dimension to the scrutiny by a human maintainer. Debian package maintainers rarely review in detail the full diffs between upstream releases, relying instead on trust relationships that exist with upstream maintainers. However, I suspect that those trust relationships are supported in turn by the knowledge that the Debian maintainer /could/ review the full diff, or do a partial review. If an upstream author knows their code will go straight into an active Debian suite when they push a git tag to GitHub, the trust dynamic is changed, I think for the worse. > A similar situation I see with backports. Most commonly all that is > needed is a recompilation. Would an automation of that process be > acceptable? Would it be acceptable for packages that offer some means > of automated testing and are in backports already? This seems much riskier, because we're talking about packages that get installed on stable systems, which are more likely to be doing security-sensitive work (I know that we don't give the same guarantees for stable+backports that we do for stable, but the point remains). -- Sean Whitton
signature.asc
Description: PGP signature
