On Mon, 17 Jun 2024, 18:50 Simon Richter, <s...@debian.org> wrote: > Hi, > > On 6/17/24 18:49, Marco d'Itri wrote: > > >> There is another aspect he mentioned: he thinks the uploader needs > to test > >> the build of the package. (I'm theory I agree, but there are > situations > > > Everybody can upload totally untested packages even without tag2upload: > > maybe tag2upload would make this marginally easier, but then I do not > > believe that this is a compelling enough argument to offset the benefits > > of a tag2upload-like service. > > Minimal testing already generates a source package -- so it > disproportionately benefits workflows that upload totally untested > packages.
We are well past that point due to source-only uploads. Users do not use source packages, they use binaries. And binaries published to users in vast majority of cases are built by our servers and not by the maintainer. And that is a good thing as well as that greatly reduces the chance of weird settings or weird build software on my machine breaking the software binaries for our users. Same applies to source packages. They are not source, they are just a technical intermediate format. For testing I'd rather tag a test build on Salsa CI, the 15 minutes later check logs, download the compiled deb file, test with that and tag to commit and release with confidence that the same tooling in the same environment will build the real release source and binary. This can be later enhanced to build and wait a bit to let you do a smoke test on final binaries before going ahead with upload.
