On Fri, Feb 09, 2007, Loïc Minier wrote:
> I am not sure you got my last two arguments, or you're distorting them
> here: I'm not discussing the current or best upload rights, I would
> certainly prefer it if everybody could upload arm binaries; what I'm
> pointing at is that this GR might com
Sam Hocevar <[EMAIL PROTECTED]> wrote:
>I think you got it backwards, it seems to me to be about reinstating
> some developers' rights. Unless unilaterally preventing developers from
> doing something that has always be possible in Debian is considered a
> right, of course.
Ah, we'll need ano
At 1171012211 time_t, Julien BLACHE wrote:
> Ah, we'll need another GR to be able to log into *all* debian hosts
> again, then. Because that's something that has always been possible in
> the past, until a couple of years ago.
Seconded.
Cheers,
--
Julien Danjou
.''`. Debian Developer
: :' : htt
On Fri, Feb 09, 2007 at 10:10:11AM +0100, Julien BLACHE wrote:
> Ah, we'll need another GR to be able to log into *all* debian hosts
> again, then. Because that's something that has always been possible in
> the past, until a couple of years ago.
I don't recall murphy being open access in the nin
Bill Allombert <[EMAIL PROTECTED]> writes:
> The Debian project resolves that Debian developers allowed to perform
> combined source and binary packages uploads should be allowed to perform
> binary-only packages uploads for the same set of architectures.
The use case I imagine at this point is t
On Fri, Feb 09, 2007 at 01:52:20PM +0100, Reinhard Tartler wrote:
> Bill Allombert <[EMAIL PROTECTED]> writes:
>
> > The Debian project resolves that Debian developers allowed to perform
> > combined source and binary packages uploads should be allowed to perform
> > binary-only packages uploads f
On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> The security implications of those practices should be evident to anyone.
This is (sorry) bullshit. Binary only uploads are _not_ less secure
than binary+source ones. Having a source side by side with the binary
module do
At 1171031848 time_t, Pierre Habouzit wrote:
> At no stage the fact that the upload is not sourceless helped. src+bin
> uploads is just a moral contract from the uploader that he did not faked
> the build and tested it. a _moral_ constraint, not a technical one.
OMG, so we need a moral-ctte.
On
On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
> On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> > The security implications of those practices should be evident to anyone.
>
> This is (sorry) bullshit. Binary only uploads are _not_ less secure
> than
> I don't recall murphy being open access in the nine years or so I've
> been a DD.
Did you never see a problem with that?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Friday 09 February 2007 05:52, Reinhard Tartler wrote:
> The use case I imagine at this point is that a maintainer uploads a
> library package src+bin (e.g. src+amd64) for his private arch, and after
> weeks he notices, that it still has not been built on e.g. sparc yet. So
> he decides to start
"Francesco P. Lovergine" <[EMAIL PROTECTED]> wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
>> On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
>> > The security implications of those practices should be evident to anyone.
>>
>> This is (sorry)
On Fri, Feb 09, 2007 at 03:55:32PM +0100, Francesco P. Lovergine wrote:
> On Fri, Feb 09, 2007 at 03:37:28PM +0100, Pierre Habouzit wrote:
> > On Fri, Feb 09, 2007 at 02:44:37PM +0100, Francesco P. Lovergine wrote:
> > > The security implications of those practices should be evident to anyone.
> >
On Fri, Feb 09, 2007 at 08:23:54AM -0700, Wesley J. Landaker wrote:
> On Friday 09 February 2007 05:52, Reinhard Tartler wrote:
> > The use case I imagine at this point is that a maintainer uploads a
> > library package src+bin (e.g. src+amd64) for his private arch, and after
> > weeks he notices,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I hereby nominate myself for the position of Debian Project Leader in
the DPL elections of 2007.
- --
Best regards,
Aigars Mahinovsmailto:[EMAIL PROTECTED]
#--#
| .''`.
On Fri, Feb 09, 2007 at 04:35:24PM +0100, Pierre Habouzit <[EMAIL PROTECTED]>
wrote:
> One could also ask the maintainer to upload (or send to the right
> email address) the buildd logs of their build if that's really a
> problem. Note that could be a good thing anyway, as it could help to
> spo
* Mike Hommey ([EMAIL PROTECTED]) [070209 19:00]:
> On Fri, Feb 09, 2007 at 04:35:24PM +0100, Pierre Habouzit <[EMAIL PROTECTED]>
> wrote:
> > One could also ask the maintainer to upload (or send to the right
> > email address) the buildd logs of their build if that's really a
> > problem. Note
On Fri, Feb 09, 2007 at 08:19:07PM +0100, Andreas Barth wrote:
> That sounds like a good idea anyways. Perhaps we can start with "be an
> optional part" for starters, and see how it performs.
Déjà vu. What happened the last time when you suggested (and
implemented) an optional part in a Debian dat
On Fri, Feb 09, 2007 at 04:33:14PM +0100, Pierre Habouzit wrote:
> * security (I _really_ think it's nonsense, as it's not less secure
> than the usual DD's uploads, which I tried to prove) ;
Maybe "security" in this context means "build can be reproduced by our
official buildd network and w
This one time, at band camp, Pierre Habouzit said:
>
> I also addressed that part in my mail. The arguments I've read against
> "rogue" buildds are threefold:
> * security (I _really_ think it's nonsense, as it's not less secure
> than the usual DD's uploads, which I tried to prove) ;
>
>
On Sat, Feb 10, 2007 at 12:02:57AM +, Stephen Gran wrote:
> This one time, at band camp, Pierre Habouzit said:
> >
> > I also addressed that part in my mail. The arguments I've read against
> > "rogue" buildds are threefold:
> > * security (I _really_ think it's nonsense, as it's not less
On Fri, Feb 9, 2007 at 17:17:10 +0100, Michael Banck wrote:
> On Fri, Feb 09, 2007 at 04:33:14PM +0100, Pierre Habouzit wrote:
> > * security (I _really_ think it's nonsense, as it's not less secure
> > than the usual DD's uploads, which I tried to prove) ;
>
> Maybe "security" in this con
On Sat, Feb 10, 2007, Julien Cristau <[EMAIL PROTECTED]> wrote:
> On Fri, Feb 9, 2007 at 17:17:10 +0100, Michael Banck wrote:
> > Maybe "security" in this context means "build can be reproduced by our
> > official buildd network and we are therefore sure our security team can
> > issue security up
On Friday 09 February 2007 17:02, Stephen Gran wrote:
> I am sure qemu is very good at what it does, but I do not have faith
> that it can stand in for a real CPU in all the corner cases. If
> Aurelien builds a java package that had previously FTBFS'd, do we have
> any guarantee that it will build
This one time, at band camp, Wesley J. Landaker said:
> On Friday 09 February 2007 17:02, Stephen Gran wrote:
> > I am sure qemu is very good at what it does, but I do not have faith
> > that it can stand in for a real CPU in all the corner cases. If
> > Aurelien builds a java package that had pre
On Sat, Feb 10, 2007 at 01:24:21AM +0100, Pierre Habouzit wrote:
> > I agree that the way the restriction was implemented was odd, but I can
> > see the point of it. I doubt that the occasional one off binNMU is
> > going to have very much affect on the quality of the archive overall,
> > but I do
> FWIW, I got w-b access after demonstrating that I knew what needed done,
> regularly feeding batches of give-back requests to Ryan and James for builds
> that were release priorities/had obviously gone missing/had long-standing
> build problems that had been resolved, and generally not trying to
On Sat, Feb 10, 2007 at 01:24:21AM +0100, Pierre Habouzit wrote:
> > One thing that strikes me is that in all of the emails so far,
> > everyone is ignoring that this whole thing started because Aurelien
> > decided to start autobuilding packages in qemu.
> That's not what justified the alpha pro
On Fri, 9 Feb 2007 18:16:38 -0700, Wesley J Landaker <[EMAIL PROTECTED]> said:
> On Friday 09 February 2007 17:02, Stephen Gran wrote:
>> I am sure qemu is very good at what it does, but I do not have
>> faith that it can stand in for a real CPU in all the corner cases.
>> If Aurelien builds a ja
* Manoj Srivastava ([EMAIL PROTECTED]) [070210 04:44]:
> However, a buildd
> operator using qemu is not responsible for bugs filed on the packages
> created on his set up -- He is not performing an NMU.
I disagree on this statement. If I e.g. upload an package to unstable
linking to an experime
30 matches
Mail list logo
