On 21/05/2016 8:03 AM, Hakan Peker wrote:
> You looking for a technical solution to a social problem. sources.list
> exist for the very purpose that repositories can be added to the system.
> A system where this facility don't exist or restricted is a form of
> walled garden.
>
> Adding an update
On 05/20/2016 10:35 PM, Vincent Danjean wrote:
Le 19/05/2016 19:20, Hakan Peker a écrit :
On 05/19/2016 06:18 PM, Daniel Pocock wrote:
From a technical perspective, can we do more to prevent users being
surprised by packages putting new entries in /etc/apt/sources.list.d?
Please no. The sys
On Sat, May 21, 2016 at 8:32 PM, Adam Borowski wrote:
> This looks wrong to me: a vast majority of machines these days have a single
> user, thus pwning root gives you little additional gain.
Getting further into a system (user -> root -> GRUB -> MBR -> boot
firmware -> peripheral firmware) gives
On Sat, May 21, 2016 at 01:47:41PM +0800, Paul Wise wrote:
> On Thu, May 19, 2016 at 11:18 PM, Daniel Pocock wrote:
>
> > More and more frequently I'm encountering systems where third-party
> > repositories have been added into /etc/apt/sources.list or
> > /etc/apt/sources.list.d, usually put ther
On Samstag, 21. Mai 2016 10:53:34 CEST Vincent Bernat wrote:
> ❦ 21 mai 2016 10:24 +0200, Martin Steigerwald :
> > Still, the turn around time between upstream and debian release would be
> > quite high for Debian stable users, but maybe part of such a
> > collaboration could be to also provide n
On Samstag, 21. Mai 2016 11:13:41 CEST Lars Wirzenius wrote:
> On Sat, May 21, 2016 at 10:07:43AM +0200, Martin Steigerwald wrote:
> > I wonder about a landing page for upstreams interested in working with the
> > Debian project to provide packages within the official Debian repos.
>
> Is https://
❦ 21 mai 2016 09:40 +0200, Ole Streicher :
>>> Providing a proper Debian source package is also a lot more work than
>>> writing some kind of ad-hoc build system that spits out a .deb or
>>> three.
>>
>> Totally agree. Our standards are far too high for many upstreams.
>
> which is a Good Thing.
❦ 21 mai 2016 10:24 +0200, Martin Steigerwald :
> Still, the turn around time between upstream and debian release would be
> quite
> high for Debian stable users, but maybe part of such a collaboration could be
> to also provide newer releases via backports. Also… if upstream wants to
> rele
On Sat, May 21, 2016 at 10:07:43AM +0200, Martin Steigerwald wrote:
> I wonder about a landing page for upstreams interested in working with the
> Debian project to provide packages within the official Debian repos.
Is https://wiki.debian.org/UpstreamGuide the kind of page you mean? It
is not nec
On Samstag, 21. Mai 2016 10:24:22 CEST Martin Steigerwald wrote:
> I wonder about some kind of adopt an upstream within a Debian team kind of
> approach. A landing page and mailing list where upstream can write in for
> getting help and advice and voicing their needs. And when there are people
>
On Samstag, 21. Mai 2016 10:24:06 CEST Lars Wirzenius wrote:
> Et cetera. Debian has one set of quality factors it particularly cares
> about, and some upstreams think differently.
Yes, I seen all those reasons you mentioned.
I just wonder how about if upstreams can learn easily how to work toget
Hello Paul,
On Samstag, 21. Mai 2016 14:07:53 CEST Paul Wise wrote:
> On Fri, May 20, 2016 at 1:34 PM, Vincent Bernat wrote:
> > Totally agree. Our standards are far too high for many upstreams.
>
> I don't understand the disconnect here. Are upstreams not interested
> in software quality to the
Vincent Bernat writes:
> ❦ 19 mai 2016 18:04 +0100, Ian Jackson :
>>> b) many upstreams appear frustrated about getting their package
>>> officially supported in Debian. Sometimes there is good reason their
>>> package doesn't belong in Debian but sometimes it is more about inertia
>>> in Debia
On Sat, May 21, 2016 at 02:07:53PM +0800, Paul Wise wrote:
> On Fri, May 20, 2016 at 1:34 PM, Vincent Bernat wrote:
>
> > Totally agree. Our standards are far too high for many upstreams.
>
> I don't understand the disconnect here. Are upstreams not interested
> in software quality to the extent
❦ 21 mai 2016 14:55 +0800, Paul Wise :
>> For some languages, embedded copies are a pattern. Notably Go. But there
>> is also the omnibus stance: the embedded copy could not be in the
>> source, but could be in the shipped artifact. This includes Go, JS and
>> Java (when using uberjars). For som
On Sat, May 21, 2016 at 2:46 PM, Vincent Bernat wrote:
> A meta tool "package me this" would be interesting.
There is debdry but it got orphaned.
> many of those tools are too complex for many upstreams because they
> don't want to package each dependency one by one. For example,
> dh-make-golan
❦ 21 mai 2016 14:07 +0800, Paul Wise :
>> Totally agree. Our standards are far too high for many upstreams.
>
> I don't understand the disconnect here. Are upstreams not interested
> in software quality to the extent we are?
Many of them don't consider packaging quality as important. As long as
On Fri, May 20, 2016 at 1:34 PM, Vincent Bernat wrote:
> Totally agree. Our standards are far too high for many upstreams.
I don't understand the disconnect here. Are upstreams not interested
in software quality to the extent we are?
> I am always flabestered by the popularity of fpm to build De
On Fri, May 20, 2016 at 1:26 PM, Vincent Bernat wrote:
> testing is not suitable for most people because:
>
> 1. no security support
This can be mitigated by adding unstable to your sources.list and
using a wrapper around debsecan to automatically pull in packages from
unstable when
there are se
On Thu, May 19, 2016 at 11:18 PM, Daniel Pocock wrote:
> More and more frequently I'm encountering systems where third-party
> repositories have been added into /etc/apt/sources.list or
> /etc/apt/sources.list.d, usually put there by some .deb package that a
> user installed from some third party
Hi Daniel,
Le Thu, May 19, 2016 at 05:18:28PM +0200, Daniel Pocock a écrit :
>
> From a technical perspective, can we do more to prevent users being
> surprised by packages putting new entries in /etc/apt/sources.list.d?
maybe you are looking for an Apt option that would only install a package i
Le 19/05/2016 19:20, Hakan Peker a écrit :
> On 05/19/2016 06:18 PM, Daniel Pocock wrote:
>> From a technical perspective, can we do more to prevent users being
>> surprised by packages putting new entries in /etc/apt/sources.list.d?
>>
> Please no. The system is working as intended. I don't think
❦ 20 mai 2016 08:59 -0300, Antonio Terceiro :
>> testing is not suitable for most people because:
>>
>> 1. no security support
>
> That's not true. Proper security fixes will get into testing after 2
> days in unstable if everything goes right as long as the maintainer, or
> something that car
On Fri, May 20, 2016 at 02:40:56PM +0200, Ole Streicher wrote:
> This behavious may be useful for a development platform, but for an end
> user this is just inacceptable.
This is why we keep saying that testing is a tool for the release team
and not a suite ment for users.
Despite that it is su
Antonio Terceiro writes:
> On Fri, May 20, 2016 at 07:26:28AM +0200, Vincent Bernat wrote:
>> 2. packages can disappear at any time
>
> If they are broken. In my book that a feature and not a bug.
>From the user's perspective, they are also often *not* broken. Just take
the "pandas" package as a
]] Bas Wijnen
> Debian stable is for users who want a rock solid system. It is out of date by
> the nature of how it is built. Users who want to get the newest versions of
> their software should not be running stable; testing is probably better for
> them.
This often isn't what users want, th
On 2016-05-20 at 07:59, Antonio Terceiro wrote:
> On Fri, May 20, 2016 at 07:26:28AM +0200, Vincent Bernat wrote:
>
>> ❦ 19 mai 2016 16:39 GMT, Bas Wijnen :
>>
>>> Debian stable is for users who want a rock solid system. It is
>>> out of date by the nature of how it is built. Users who want t
On Fri, May 20, 2016 at 07:26:28AM +0200, Vincent Bernat wrote:
> ❦ 19 mai 2016 16:39 GMT, Bas Wijnen :
>
> > Debian stable is for users who want a rock solid system. It is out of date
> > by
> > the nature of how it is built. Users who want to get the newest versions of
> > their software sh
Le Fri, May 20, 2016 at 07:34:59AM +0200, Vincent Bernat a écrit :
>
> I am always flabestered by the popularity of fpm to build Debian
> packages (and by the increasing popularity of pleaserun by the same
> author on the same concepts). It provides a way to easily build a Debian
> package from a
❦ 19 mai 2016 18:04 +0100, Ian Jackson :
>> b) many upstreams appear frustrated about getting their package
>> officially supported in Debian. Sometimes there is good reason their
>> package doesn't belong in Debian but sometimes it is more about inertia
>> in Debian or the upstream isn't aware
❦ 19 mai 2016 16:39 GMT, Bas Wijnen :
> Debian stable is for users who want a rock solid system. It is out of date by
> the nature of how it is built. Users who want to get the newest versions of
> their software should not be running stable; testing is probably better for
> them.
testing is
On Thu, May 19, 2016 at 04:39:24PM +, Bas Wijnen wrote:
> > Hell, teams packaging Mozilla-soft and PostgreSQL are DDs maintaining
> > *external archives* because it's easier.
>
> This indicates that our procedures are too hard. That needs to be fixed.
> Maybe people from those teams are readi
Paul Tagliamonte writes ("Re: third-party packages adding apt sources"):
> [cc'ing devel, since this is a rant that involves technical topics, and
> god knows I only go on so many rants a year these days]
I think you may have only BCC'd -devel, or something.
> >
Bas Wijnen writes ("Re: third-party packages adding apt sources"):
> On Thu, May 19, 2016 at 07:15:01PM +0200, Daniel Pocock wrote:
> > Another thing comes to mind: making sure that even if the user
> > explicitly allows some other repository, they are protected from pack
Daniel Pocock writes:
> Another thing comes to mind: making sure that even if the user
> explicitly allows some other repository, they are protected from package
> updates that come along and replace other things like apt itself, libc,
> bash, gnupg, ...
While this would be nice to prevent accid
Daniel Pocock writes ("Re: third-party packages adding apt sources"):
> On 19/05/16 19:04, Ian Jackson wrote:
> > Debian proper has a very high bar for inclusion. Obviously there are
> > perhaps some packages which are close to suitable for inclusion, but
> > t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, May 19, 2016 at 07:15:01PM +0200, Daniel Pocock wrote:
> Another thing comes to mind: making sure that even if the user
> explicitly allows some other repository, they are protected from package
> updates that come along and replace other thing
On 05/19/2016 06:18 PM, Daniel Pocock wrote:
More and more frequently I'm encountering systems where third-party
repositories have been added into /etc/apt/sources.list or
/etc/apt/sources.list.d, usually put there by some .deb package that a
user installed from some third party site.
Hey, Th
On 19/05/16 19:04, Ian Jackson wrote:
> Daniel Pocock writes ("third-party packages adding apt sources"):
>> b) many upstreams appear frustrated about getting their package
>> officially supported in Debian. Sometimes there is good reason their
>> package doesn't belong in Debian but sometimes i
Daniel Pocock writes ("third-party packages adding apt sources"):
> b) many upstreams appear frustrated about getting their package
> officially supported in Debian. Sometimes there is good reason their
> package doesn't belong in Debian but sometimes it is more about inertia
> in Debian or the up
On 2016-05-19 17:39, Bas Wijnen wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, May 19, 2016 at 11:46:53AM -0400, Paul Tagliamonte wrote:
[cc'ing devel, since this is a rant that involves technical topics,
and
god knows I only go on so many rants a year these days]
You didn't a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, May 19, 2016 at 11:46:53AM -0400, Paul Tagliamonte wrote:
> [cc'ing devel, since this is a rant that involves technical topics, and
> god knows I only go on so many rants a year these days]
You didn't actually do this.
> > Sometimes there is
On Thu, May 19, 2016 at 08:45:09AM -0700, Russ Allbery wrote:
> I don't think we can provide that inside Debian, at least without some
> pretty significant changes to how we handle stable releases that are
> contrary to some of our goals for stable.
I think I heard someone saying "PPA" or such…
;
[cc'ing devel, since this is a rant that involves technical topics, and
god knows I only go on so many rants a year these days]
On Thu, May 19, 2016 at 05:18:28PM +0200, Daniel Pocock wrote:
> b) many upstreams appear frustrated about getting their package
> officially supported in Debian.
Yeah,
Daniel Pocock writes:
> b) many upstreams appear frustrated about getting their package
> officially supported in Debian. Sometimes there is good reason their
> package doesn't belong in Debian but sometimes it is more about inertia
> in Debian or the upstream isn't aware about backports and thi
45 matches
Mail list logo
