On Sun, Mar 15, 2020 at 06:55:43AM -0500, Michael Lustfield wrote:
> > > > > (packages in NEW must not be downloaded from ftp-master.d.o to your
> > > > > local machine)
> > > > Just curious: Why is that the case?
> > > Out of an abundance of caution. Until after the package has been reviewed,
> > > there's no knowing if it's distributable and downloading a package from
> > > ftp-master.d.o to another machine outside debian.org is a distribution.
> > [...]
> > This "abundance of caution" rule is utterly obsolete this millennium. It
> > made some sense when distributing software was done by snail-mailing a
> > floppy or a stack of them.
>
> My knee-jerk response is to agree. There is a lock which also applies to
> reviewing a package. This means only one person can be looking at it at a time.
> We often just open a github/gitlab/etc. page if multiple people need to discuss
> the package (usually team member asking a trainee something). The content has
> already been distributed. Why should this be any different from mentors.d.n,
> where such practice is required?
>
> The problem is that this server is *the* distribution point for the Debian
> archive. This feels like a weird gray area that shouldn't be messed around
> with.
>
> Personally, I was shocked when I found out we do review on the same server that
> hosts the archive. I would have expected a separate server for review.

+1, though talk is cheap :)

--
cheers,
	Holger

-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C