Bug#241689: I'm going to NMU this
|
|
| Scott James Remnant 2004-08-29, 5:52 pm |
| On Sun, 2004-08-29 at 16:47 +0200, Goswin von Brederlow wrote:
> this build-essential bug is holding up the sarge amd64 release and needs
> to be fixed asap. The RM team has agreed to let such trivial amd64 changes into
> and I plan to NMU build-essential unless you fix it yourself.
>
I wasn't aware:
(a) there was going to be a "sarge amd64 release"
(b) that you were a Debian Developer therefore *could* NMU a package.
(c) that a wishlist bug against an "informational list of packages" was
more important than the hundreds of RC bugs still outstanding
against sarge.
I have stated many times over that I do not consider the build-essential
package to be a "this is what build-essential *should* look like" list
but "this is what is *currently* build-essential" list.
If you actually bother to look at the current package you'll see that
the content of essential-packages-list-* for those architectures not yet
in sid is the string:
"No essential packages list is available for $ARCH in sid"
While one of those could be added for amd64, I don't see the urgency
this close to release.
You can obtain a "filled" essential-packages-list-amd64 file for your
archive yourselves by running make-esslist.sh with a different mirror=
and arches= setting.
In fact I suspect there are more changes to build-essential required for
amd64 than just this now. I understand that there is a dependency on
gcc/g++ 3.4? If that's correct you'll need to submit a change to the
build-essential list itself as that currently specifies 3.3:
Something like:
gcc (>= 3:3.3) [!amd64] | gcc (>= 3:3.4) [amd64]
g++ (>= 3:3.3) [!amd64] | g++ (>= 3:3.4) [amd64]
is probably sufficient. You can use this bug report to file the actual
requirement, rather than opening a new one.
While I ordinarily welcome NMUs on my packages that fix valid bugs that
I haven't had the time to look at, this is not one of those. This
change would be invalid, and I specifically ask you not to upload it to
the Debian archive. Instead follow the changes I've outlined for your
own amd64 archive just as the other derivatives who include amd64 have
done.
Once amd64 has been added to sid, build-essential in sid will be updated
to carry an essential-packages-list-amd64 file.
Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
| |
| Brian Nelson 2004-08-29, 5:52 pm |
| On Sun, Aug 29, 2004 at 07:09:09PM +0200, Goswin von Brederlow wrote:
> Scott James Remnant <scott@netsplit.com> writes:
>
>
> I don't need to be a DD to NMU something.
Um, yeah you do. No developer should be signing off on an NMU for a
non-DD, ever, especially for a non-DD who was rejected from the NM
queue. Any developer that does that needs to be banned, or at least
beaten severely.
--
Blast you and your estrogenical treachery!
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
| |
| Andres Salomon 2004-08-29, 5:52 pm |
| On Sun, 29 Aug 2004 11:22:18 -0700, Brian Nelson wrote:
> On Sun, Aug 29, 2004 at 07:09:09PM +0200, Goswin von Brederlow wrote:
>
> Um, yeah you do. No developer should be signing off on an NMU for a
> non-DD, ever, especially for a non-DD who was rejected from the NM
> queue. Any developer that does that needs to be banned, or at least
> beaten severely.
I disagree; there's no reason for a non-DD to not be able to NMU
something, provided that it looks ok to the sponsor. If the NMU turns
out to be unnecessary, forced, or horribly broken, then you can beat the
developer who signed off on it. Sponsorship is almost completely at the
discretion of the DD; if they don't feel 100% comfortable sponsoring NMUs,
then they shouldn't. There's nothing in the Developer's Reference that
forbids sponsorship of any class of packages, despite some developers'
opinion otherwise.
The fact that Goswin was rejected from NM is another issue entirely (one
which should be taken into consideration by whoever sponsors him).
| |
| Brian Nelson 2004-08-29, 5:52 pm |
| On Sun, Aug 29, 2004 at 04:31:07PM -0400, Andres Salomon wrote:
> On Sun, 29 Aug 2004 11:22:18 -0700, Brian Nelson wrote:
>
>
> I disagree; there's no reason for a non-DD to not be able to NMU
> something, provided that it looks ok to the sponsor. If the NMU turns
> out to be unnecessary, forced, or horribly broken, then you can beat the
> developer who signed off on it. Sponsorship is almost completely at the
> discretion of the DD; if they don't feel 100% comfortable sponsoring NMUs,
> then they shouldn't. There's nothing in the Developer's Reference that
> forbids sponsorship of any class of packages, despite some developers'
> opinion otherwise.
Sponsoring an NMU should be absolutely no different than the developer just
doing the NMU him/herself. If it is, then that developer is doing
something horribly wrong anyway.
The non-DD may supply a patch to the BTS, and the NMU'ing developer may
use that patch and should credit the submitter of that patch. That's
all the involvement a non-DD should have. Anything else is just
dangerous and/or absurd.
--
Blast you and your estrogenical treachery!
| |
| Andres Salomon 2004-08-29, 5:52 pm |
| On Sun, 29 Aug 2004 13:45:31 -0700, Brian Nelson wrote:
[...]
>
> Sponsoring an NMU should be absolutely no different than the developer just
> doing the NMU him/herself. If it is, then that developer is doing
> something horribly wrong anyway.
>
The difference is in how quickly the package gets fixed. If I file a
patch w/ the BTS, and wait for someone to fix it, it might take a long
time. Alternatively, if I ask a sponsor to NMU a package, they may or may
not be interested in doing that (depending on how busy they are, whether
they use the package, whether they have the hardware/environment to
properly test the package, etc). However, if I have a NMU package
prepared for the sponsor, that's one less step for the DD to do, so the
chances of it happening quickly are greatly increased. Let's also not
forget that a package may have multiple RC bugs open, it will take more
time for a DD to build a package w/ patches from various bug reports,
versus an already prepared (and presumably tested) .diff.gz.
Ultimately, it's a trust issue; you might find it dangerous for a DD to
trust the non-DD, but that's the path that Debian has chosen by making
sponsorship a requirement for NM, and the NM process itself so drawn out.
| |
| Joshua Kwan 2004-08-29, 5:52 pm |
| Andres Salomon wrote:
> Ultimately, it's a trust issue; you might find it dangerous for a DD to
> trust the non-DD, but that's the path that Debian has chosen by making
> sponsorship a requirement for NM, and the NM process itself so drawn out.
Drawn out so much as to have come to a complete halt during this rather
pivotal period in Sarge development [1].
Do we not have a backup DAM at all?
--
Joshua Kwan
[1] http://lists.debian.org/debian-deve...8/msg01349.html
| |
| Brian Nelson 2004-08-29, 5:52 pm |
| On Sun, Aug 29, 2004 at 04:39:12PM -0700, Joshua Kwan wrote:
> Andres Salomon wrote:
>
> Drawn out so much as to have come to a complete halt during this rather
> pivotal period in Sarge development [1].
>
> [1] http://lists.debian.org/debian-deve...8/msg01349.html
Complete halt? That mail was posted a week ago. There actually was
quite a bit of NM approvals earlier this month.
(Prior to that, there was no activity for about 6 months. Shouldn't you
have complained then?)
> Do we not have a backup DAM at all?
Not a functioning one, no.
--
Blast you and your estrogenical treachery!
| |
| Brian Nelson 2004-08-29, 8:49 pm |
| On Sun, Aug 29, 2004 at 05:31:06PM -0400, Andres Salomon wrote:
> On Sun, 29 Aug 2004 13:45:31 -0700, Brian Nelson wrote:
> [...]
>
> The difference is in how quickly the package gets fixed. If I file a
> patch w/ the BTS, and wait for someone to fix it, it might take a long
> time. Alternatively, if I ask a sponsor to NMU a package, they may or may
> not be interested in doing that (depending on how busy they are, whether
> they use the package, whether they have the hardware/environment to
> properly test the package, etc). However, if I have a NMU package
> prepared for the sponsor, that's one less step for the DD to do, so the
> chances of it happening quickly are greatly increased.
If the developer is not interested in doing the NMU and is too lazy to
apply a patch and test it, THAT DEVELOPER SHOULD NOT BE UPLOADING THE
PACKAGE. How can you even question that?
> Let's also not forget that a package may have multiple RC bugs open,
> it will take more time for a DD to build a package w/ patches from
> various bug reports, versus an already prepared (and presumably
> tested) .diff.gz.
See above.
> Ultimately, it's a trust issue; you might find it dangerous for a DD
> to trust the non-DD, but that's the path that Debian has chosen by
> making sponsorship a requirement for NM, and the NM process itself so
> drawn out.
Sponsorship isn't a requirement for NM.
--
Blast you and your estrogenical treachery!
| |
| Andres Salomon 2004-08-29, 8:49 pm |
| On Sun, 29 Aug 2004 16:52:28 -0700, Brian Nelson wrote:
> On Sun, Aug 29, 2004 at 04:39:12PM -0700, Joshua Kwan wrote:
>
> Complete halt? That mail was posted a week ago. There actually was
> quite a bit of NM approvals earlier this month.
>
> (Prior to that, there was no activity for about 6 months. Shouldn't you
> have complained then?)
>
People *have* been complaining; you've apparently not been paying
attention. I'm up to 6 months awaiting DAM approval. I've pestered tbm,
I've asked elmo, I've given away my more stressful packages and stuck to
packages maintained in teams. If not for willing sponsors and team
maintenance, I'd have given up on Debian already.
| |
| Brian Nelson 2004-08-29, 8:49 pm |
| On Sun, Aug 29, 2004 at 08:18:34PM -0400, Andres Salomon wrote:
> On Sun, 29 Aug 2004 16:52:28 -0700, Brian Nelson wrote:
>
>
> People *have* been complaining; you've apparently not been paying
> attention. I'm up to 6 months awaiting DAM approval. I've pestered tbm,
> I've asked elmo, I've given away my more stressful packages and stuck to
> packages maintained in teams. If not for willing sponsors and team
> maintenance, I'd have given up on Debian already.
Hey man, I'm probably the developer most actively trying to improve the
NM process. I know it's in bad shape right now. However, I find it
very odd to complain now though there has been improvement recently
when, for the previous 6 months, the queue was completely stuck.
Unfortunately, things aren't likely to change until after sarge's
release since everyone is preoccupied with getting sarge ready. Please
continue to be patient.
--
Blast you and your estrogenical treachery!
| |
| Jérôme Warnier 2004-08-29, 8:49 pm |
| [..]
>
> Sponsorship isn't a requirement for NM.
Well, it seems at least as the only practical way to apply...
--
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net
| |
| Andres Salomon 2004-08-29, 8:49 pm |
| On Sun, 29 Aug 2004 16:58:07 -0700, Brian Nelson wrote:
[...]
Really not interested in continuing this...
>
>
> Sponsorship isn't a requirement for NM.
Eh? http://article.gmane.org/gmane.linu...maintainer/1359
| |
| Steve Langasek 2004-08-29, 8:49 pm |
| On Sun, Aug 29, 2004 at 07:09:09PM +0200, Goswin von Brederlow wrote:
> I don't need to be a DD to NMU something.
Who is signing these uploads for you?
> The package fails to build from source and as far as amd64 goes this
> is severity serious. For me that is far more important than hundreds
> of RC bugs that are not against build-essential or base packages.
As far as amd64 goes, there are *no* bugs of severity: serious in
Debian. amd64 is not a release architecture at present, and policy does
not contain any amd64-specific requirements.
> The urgency is to get the sarge sources to build for amd64 so the
> amd64 release deviates as little as possible from the official sarge
> and the RM team has agreed to allow such changes through t-p-u.
Please refresh my memory re: where this was agreed to. I don't remember
anyone being given carte blanche to upload amd64-specific changes to
t-p-u, and I certainly don't think we've said anything to suggest we
want to be used as a weapon when arguing with maintainers about amd64
support.
--
Steve Langasek
postmodern programmer
| |
| Daniel Burrows 2004-08-29, 8:49 pm |
| | |
| Brian Nelson 2004-08-29, 8:49 pm |
| On Sun, Aug 29, 2004 at 09:51:20PM -0400, Andres Salomon wrote:
> On Sun, 29 Aug 2004 16:58:07 -0700, Brian Nelson wrote:
> [...]
>
> Really not interested in continuing this...
>
>
> Eh? http://article.gmane.org/gmane.linu...maintainer/1359
"Note that co-maintaining a package with a developer would be a great
way to get some experience."
Co-maintenance != sponsorship, and is in fact strongly encouraged over
sponsorship.
Other things that are adequate substitutes for having a package
sponsored include:
* QA work, especially in supplying patches for bug reports. If I *ever*
had an NM who did invaluable work like this, I'd shit myself.
* Bug triaging, especially for poorly maintained packages would be great
* Writing documentation, though I question that one if that's the only
work done. You don't really need developer privileges to write
documentation.
Applicants who maintain a single trivial package and do nothing else for
Debian are barely better than those that don't even have a package.
Running dh_make is utterly trivial, most likely no one actually uses the
package so no bug reports need to be handled... Basically it's
completely impossible to tell if the applicant is any more competent
than a turd.
--
Blast you and your estrogenical treachery!
| |
| Matthew Palmer 2004-08-30, 2:50 am |
| On Sun, Aug 29, 2004 at 07:30:27PM -0700, Brian Nelson wrote:
> On Sun, Aug 29, 2004 at 09:51:20PM -0400, Andres Salomon wrote:
>
> "Note that co-maintaining a package with a developer would be a great
> way to get some experience."
>
> Co-maintenance != sponsorship, and is in fact strongly encouraged over
> sponsorship.
>
> Other things that are adequate substitutes for having a package
> sponsored include:
>
> * QA work, especially in supplying patches for bug reports. If I *ever*
> had an NM who did invaluable work like this, I'd shit myself.
>
> * Bug triaging, especially for poorly maintained packages would be great
And yet there's several applicants in the system with "on hold until they
have a package in the archive". Unless "a package in the archive" is code
for the things you've written above, FD comments are in conflict with what
you've just written.
I don't have much of an opinion either way -- obviously we want people who
know what they're doing and have a demonstrated dedication to the work that
Debian's doing. "Package in the archive" just seems like the only way to
demonstrate that at the moment, based on the evidence available (notes in
the AM DB, comments from tbm on -newmaint, and observations).
> Applicants who maintain a single trivial package and do nothing else for
> Debian are barely better than those that don't even have a package.
> Running dh_make is utterly trivial, most likely no one actually uses the
> package so no bug reports need to be handled... Basically it's
> completely impossible to tell if the applicant is any more competent
> than a turd.
I thoroughly agree with this statement, although I don't know if I'd *quite*
go so far as to make a comparison with fecal matter.
- Matt
| |
| Andres Salomon 2004-08-30, 2:50 am |
| On Sun, 29 Aug 2004 19:30:27 -0700, Brian Nelson wrote:
[...]
>
> "Note that co-maintaining a package with a developer would be a great
> way to get some experience."
>
> Co-maintenance != sponsorship, and is in fact strongly encouraged over
> sponsorship.
Co-maintenance generally requires some amount of sponsorship, especially
for smaller packages. If I could get away w/ simply committing to
CVS/SVN/arch repositories and having them magically turn into packages by
a team of hardworking co-maintainers in a timely fashion, I would. That
hasn't been my experience so far, though. OTOH, co-maintainers are great
for sponsorship, since they're obviously interested in the package.
I'd love to see exactly what's required (by both AMs and the DAM) to be
defined somewhere, if my original claim isn't the case. For example,
<http://nm.debian.org/newnm.php> states that one should have packages in
the archive before even applying for NM.
<http://www.debian.org/devel/join/nm-amchecklist> also states that
packagers must have a package in the archive (and recommends sponsorship).
>
> Other things that are adequate substitutes for having a package
> sponsored include:
>
> * QA work, especially in supplying patches for bug reports. If I *ever*
> had an NM who did invaluable work like this, I'd shit myself.
>
Minor QA stuff is already required by the NM process.
I've submitted my share of patches to the BTS (mainly for packages I was
interested in), but I could see someone claiming that QA work doesn't
require a Debian account. The *safe* route is to actually maintain some
packages.
> * Bug triaging, especially for poorly maintained packages would be great
>
> * Writing documentation, though I question that one if that's the only
> work done. You don't really need developer privileges to write
> documentation.
>
This argument could be applied to pretty much everything except actually
uploading/maintaining packages.
> Applicants who maintain a single trivial package and do nothing else for
> Debian are barely better than those that don't even have a package.
> Running dh_make is utterly trivial, most likely no one actually uses the
> package so no bug reports need to be handled... Basically it's
> completely impossible to tell if the applicant is any more competent
> than a turd.
Heh. I would think the BTS does a good job of documenting the
turd^Wapplicant's competency. It's too bad the NM process doesn't require
more QA work; a few months of bug triaging per applicant would do wonders
for the state of the BTS. It would also document not only the applicant's
competency, but their ability to communicate, work with other maintainers,
etc.
| |
| Andreas Barth 2004-08-30, 2:50 am |
| * Brian Nelson (pyro@debian.org) [040830 01:55]:
> On Sun, Aug 29, 2004 at 04:39:12PM -0700, Joshua Kwan wrote:
> Not a functioning one, no.
We have one, but "backup" means here: for emergencies (e.g. James is
hit by a bus).
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
| |
| Andreas Barth 2004-08-30, 2:50 am |
| * Brian Nelson (pyro@debian.org) [040830 02:10]:
> On Sun, Aug 29, 2004 at 05:31:06PM -0400, Andres Salomon wrote:
> Sponsorship isn't a requirement for NM.
De facto, it is.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
| |
| Brian Nelson 2004-08-30, 2:50 am |
| On Mon, Aug 30, 2004 at 12:46:48PM +1000, Matthew Palmer wrote:
> On Sun, Aug 29, 2004 at 07:30:27PM -0700, Brian Nelson wrote:
>
> And yet there's several applicants in the system with "on hold until they
> have a package in the archive". Unless "a package in the archive" is code
> for the things you've written above, FD comments are in conflict with what
> you've just written.
>
> I don't have much of an opinion either way -- obviously we want people who
> know what they're doing and have a demonstrated dedication to the work that
> Debian's doing. "Package in the archive" just seems like the only way to
> demonstrate that at the moment, based on the evidence available (notes in
> the AM DB, comments from tbm on -newmaint, and observations).
I think that's because "doesn't have a package" is a lot more concrete
than "does something useful." I don't think it's ever been a strict
requirement, but for NM's that have done nothing at all, it at least
gives them something to do.
It's only recently become apparent that requiring a sponsored package
causes a lot of problems. For example, it has prompted a deluge of
requests for sponsorship of absolute garbage. NM's tend to search out
and package anything, no matter how useless it is, just to meet the
requirement. How often do you see a RFS for an interesting package?
Maybe 1 out of every 50 requests?
And then there's the issue with some developers not thoroughly checking
sponsored packages, or even signing and uploading packages they haven't
even built themselves...
So, it seems best to move away from the sponsorship requirement and move
toward co-maintenance and other alternatives instead. At least that's
what I gathered from talking to tbm and others at the last Debconf.
--
Blast you and your estrogenical treachery!
| |
| Andreas Barth 2004-08-30, 2:50 am |
| * Andres Salomon (dilinger@voxel.net) [040830 05:25]:
> I'd love to see exactly what's required (by both AMs and the DAM) to be
> defined somewhere, if my original claim isn't the case. For example,
> <http://nm.debian.org/newnm.php> states that one should have packages in
> the archive before even applying for NM.
> <http://www.debian.org/devel/join/nm-amchecklist> also states that
> packagers must have a package in the archive (and recommends sponsorship).
Well, as an AM I look what the applicant wants to do, and if he has
shown that he can do that (and of course, that his plans fit to
Debian). That means, if an applicant says that he wants mainly
maintain packages, then I want to see one or more packages in the
archive (one is only sufficient if it's not too easy). If he instead
says that he wants to do mainly QA-work, I'm reviewing what he did do
there. Same is true for porters etc.
As most people apply as package maintainers, most applicants are
required to have package(s) in the archive. (However, people applying
as non-package-maintainers usually have enough packages in the archive
for a package maintainer.)
> I've submitted my share of patches to the BTS (mainly for packages I was
> interested in), but I could see someone claiming that QA work doesn't
> require a Debian account. The *safe* route is to actually maintain some
> packages.
In fact, QA work _does_ require an account. You quite often need
access to madison, melanie, qa cvs, mia database, ..., and it's quite
difficult to do QA work without being able to log into merkel - and
sometimes, QA work even requires NMUs (now, the circle is closed, and
we're back at the beginning ;).
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
| |
| Ken Bloom 2004-08-30, 2:50 am |
| On Sun, 29 Aug 2004 17:31:06 -0400, Andres Salomon wrote:
> On Sun, 29 Aug 2004 13:45:31 -0700, Brian Nelson wrote:
> [...]
>
> The difference is in how quickly the package gets fixed. If I file a
> patch w/ the BTS, and wait for someone to fix it, it might take a long
> time. Alternatively, if I ask a sponsor to NMU a package, they may or may
> not be interested in doing that (depending on how busy they are, whether
> they use the package, whether they have the hardware/environment to
> properly test the package, etc). However, if I have a NMU package
> prepared for the sponsor, that's one less step for the DD to do,
It also forces the sponsor to spend at least to thinking about how
this package (that he otherwise would not have thought about) has a
low-hanging bug, and how uploading the package would make it work that
much. And the fact that the DD takes pity on the non-DD for spending the
time to prepare an NMU makes it more likely that the bug will be fixed
sooner.
And when a non-DD has to promiscuously solicit sponsors for NMUs on
#debian-devel or #debian-bugs, then a few more people also think about the
fact that there are RC bugs that need to be fixed before we can release.
> so the
> chances of it happening quickly are greatly increased. Let's also not
> forget that a package may have multiple RC bugs open, it will take more
> time for a DD to build a package w/ patches from various bug reports,
> versus an already prepared (and presumably tested) .diff.gz.
>
> Ultimately, it's a trust issue; you might find it dangerous for a DD to
> trust the non-DD, but that's the path that Debian has chosen by making
> sponsorship a requirement for NM, and the NM process itself so drawn out.
--Ken Bloom
Not a DD
--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 08/18/2004. If you use GPG *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***
| |
| Christoph Hellwig 2004-08-30, 2:50 am |
| On Sun, Aug 29, 2004 at 10:12:41PM -0400, Daniel Burrows wrote:
> On Sunday 29 August 2004 10:08 pm, Steve Langasek wrote:
>
> Unfortunately, it seems that some packages fail to build even in i386
> Debian when an amd64 CPU is being used; see, eg, #251989.
Wrong. It fails when running an x86_64 kernel, not when a 64bit-capable
cpu is present.
| |
| Goswin von Brederlow 2004-09-02, 6:55 pm |
| Brian Nelson <pyro@debian.org> writes:
> On Sun, Aug 29, 2004 at 07:09:09PM +0200, Goswin von Brederlow wrote:
>
> Um, yeah you do. No developer should be signing off on an NMU for a
> non-DD, ever, especially for a non-DD who was rejected from the NM
> queue. Any developer that does that needs to be banned, or at least
> beaten severely.
Ok, let me rephrase this:
I don't need to be a DD to prepare a patch and get a DD to NMU it.
Better?
MfG
Goswin
PS: I suppose you also want to ban everyone that uploaded a binary
porting NMU for me and remove all those uploads (which might be a 4
digit number by now) and remove my packages too?
| |
| Goswin von Brederlow 2004-09-02, 6:55 pm |
| Brian Nelson <pyro@debian.org> writes:
> On Sun, Aug 29, 2004 at 05:31:06PM -0400, Andres Salomon wrote:
>
> Sponsorship isn't a requirement for NM.
With the requirement to maintain a package in debian (unless one wants
to be translator) sponsorship is a requirement.
MfG
Goswin
| |
| Goswin von Brederlow 2004-09-02, 6:55 pm |
| Steve Langasek <vorlon@debian.org> writes:
> On Sun, Aug 29, 2004 at 07:09:09PM +0200, Goswin von Brederlow wrote:
>
>
> Who is signing these uploads for you?
Given the hostility expressed against signatories of my work I'm not
going to name names. If you do care you can look through the changes
and changelog files.
>
>
> As far as amd64 goes, there are *no* bugs of severity: serious in
> Debian. amd64 is not a release architecture at present, and policy does
> not contain any amd64-specific requirements.
No, that is not what I meant. Only its amd64 internal severity is
serious, i.e. it must be patched in the alioth repository or hell
breaks loose. The Debian severity was set to wishlist.
>
> Please refresh my memory re: where this was agreed to. I don't remember
> anyone being given carte blanche to upload amd64-specific changes to
> t-p-u, and I certainly don't think we've said anything to suggest we
> want to be used as a weapon when arguing with maintainers about amd64
> support.
A while back I asked on irc if it was ok to get minimal changes like
adding amd64 to the Architecture list or similar non intrusive patches
that don't affect !amd64 uploaded and was told that it would be ok for
t-p-u (implying that they wouldn't just be rejected because they don't
affect official release archs).
If that is no longer the case or not the opinion of the whole RM team
then please tell me now and Debian-amd64 can stop trying to make an
unofficial release with minimal deviations from debian.
> --
> Steve Langasek
> postmodern programmer
MfG
Goswin
| |
| Goswin von Brederlow 2004-09-02, 6:55 pm |
| Christoph Hellwig <hch@lst.de> writes:
> On Sun, Aug 29, 2004 at 10:12:41PM -0400, Daniel Burrows wrote:
>
> Wrong. It fails when running an x86_64 kernel, not when a 64bit-capable
> cpu is present.
Which is in queue/NEW for i386 so this might hit you in the back any
day now.
MfG
Goswin
| |
| Brian Nelson 2004-09-02, 6:55 pm |
| On Mon, Aug 30, 2004 at 03:27:04PM +0200, Goswin von Brederlow wrote:
> Brian Nelson <pyro@debian.org> writes:
>
>
> Ok, let me rephrase this:
>
> I don't need to be a DD to prepare a patch and get a DD to NMU it.
>
> Better?
Yes, that's fine.
> PS: I suppose you also want to ban everyone that uploaded a binary
> porting NMU for me and remove all those uploads (which might be a 4
> digit number by now) and remove my packages too?
Pretty much. It's nothing personal against you[1]. It's the principle of
it. Binaries should only come from developers--everything else is
"untrusted". It doesn't make sense to trust your binaries enough to
distribute them if we don't trust you enough to make you a developer.
[1] I was never fully convinced you should have been rejected. I find
you to be a giant pain in the XXX at times, but the same can be said
for dozens of developers.
--
Blast you and your estrogenical treachery!
| |
| Colin Watson 2004-09-02, 6:55 pm |
| On Mon, Aug 30, 2004 at 03:27:04PM +0200, Goswin von Brederlow wrote:
> PS: I suppose you also want to ban everyone that uploaded a binary
> porting NMU for me and remove all those uploads (which might be a 4
> digit number by now)
I definitely do not think that any binary upload should ever be
sponsored, full stop. If it were feasible to do so I would prefer that
those uploads be removed, as in this case the cure is worse than the
disease; since it's probably not feasible, I would simply like this
practice to stop immediately.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
| |
| Steve McIntyre 2004-09-02, 6:55 pm |
| Colin Watson writes:
>On Mon, Aug 30, 2004 at 03:27:04PM +0200, Goswin von Brederlow wrote:
>
>I definitely do not think that any binary upload should ever be
>sponsored, full stop. If it were feasible to do so I would prefer that
>those uploads be removed, as in this case the cure is worse than the
>disease; since it's probably not feasible, I would simply like this
>practice to stop immediately.
Seconded.
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Mature Sporty Personal
More Innovation More Adult
A Man in Dandism
Powered Midship Specialty
| |
| Andreas Schuldei 2004-09-02, 6:55 pm |
| * Colin Watson (cjwatson@debian.org) [040831 05:09]:
> On Mon, Aug 30, 2004 at 03:27:04PM +0200, Goswin von Brederlow wrote:
>
> I definitely do not think that any binary upload should ever be
> sponsored, full stop. If it were feasible to do so I would prefer that
> those uploads be removed, as in this case the cure is worse than the
> disease; since it's probably not feasible, I would simply like this
> practice to stop immediately.
i failed to read this thread all the way, for some reason. could
you elaborate a bit on what you mean? it seems to be important to
you and i don't understand it yet.
| |
| Andreas Barth 2004-09-02, 6:55 pm |
| Hi,
* Colin Watson (cjwatson@debian.org) [040831 05:10]:
> I definitely do not think that any binary upload should ever be
> sponsored, full stop.
I would be interested where you would draw the border, what's still
ok and what not. Which situation do you consider acceptable:
Builds done on a machine
1. that's physically accessible by non-DDs
2. where there are non-DD local users
3. where there are non-DD root users ("local admin"), but a DD is also root
and takes care of the build setup
4. like 3, but some packages needed in the build setup were installed
by the local admin.
5. like 4, but sbuild was started by local admin
6. like 5, but DD is not root
7. like 6, but DD cannot log into the machine
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
| |
| Colin Watson 2004-09-02, 6:55 pm |
| On Tue, Aug 31, 2004 at 12:23:19PM +0200, Andreas Schuldei wrote:
> * Colin Watson (cjwatson@debian.org) [040831 05:09]:
>
> i failed to read this thread all the way, for some reason. could
> you elaborate a bit on what you mean?
I think my mail stands on its own. I don't really see how I can
elaborate on it per se.
> it seems to be important to you and i don't understand it yet.
Do you not think it is important for sponsors to verify what they're
sponsoring against trojans? How do you propose to verify a lump of
binary data you've received?
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
| |
| Andreas Schuldei 2004-09-02, 6:55 pm |
| * Colin Watson (cjwatson@debian.org) [040831 15:04]:
> I think my mail stands on its own. I don't really see how I can
> elaborate on it per se.
yes. for some reason i missed the "sponsor" part.
| |
| John Hasler 2004-09-02, 6:55 pm |
| Colin Watson writes:
> Do you not think it is important for sponsors to verify what they're
> sponsoring against trojans? How do you propose to verify a lump of binary
> data you've received?
By receiving both binary and source, verifying as you would with a full
upload, and then uploading only the binary?
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
| |
| Martin Michlmayr 2004-09-02, 6:55 pm |
| * John Hasler <john@dhh.gt.org> [2004-08-31 09:36]:
> By receiving both binary and source, verifying as you would with a
> full upload, and then uploading only the binary?
How do you know the binary was created from the source they sent you?
--
Martin Michlmayr
tbm@cyrius.com
| |
| Pascal Hakim 2004-09-02, 6:55 pm |
| On Tue, Aug 31, 2004 at 09:36:22AM -0500, John Hasler wrote:
> Colin Watson writes:
>
> By receiving both binary and source, verifying as you would with a full
> upload, and then uploading only the binary?
How do you know the source matches the binary?
Pasc
--
Pascal Hakim 0403 411 672
Do Not Bend
| |
| Sebastian Ley 2004-09-02, 6:55 pm |
| * John Hasler wrote:
> Colin Watson writes:
>
> By receiving both binary and source, verifying as you would with a full
> upload, and then uploading only the binary?
And how do you ensure that the binary is built from the source you received?
Sebastian
--
PGP-Key: http://www.mmweg.rwth-aachen.de/~se....ley/public.key
Fingerprint: A46A 753F AEDC 2C01 BE6E F6DB 97E0 3309 9FD6 E3E6
| |
| Bastian Blank 2004-09-02, 6:55 pm |
| On Tue, Aug 31, 2004 at 12:49:27PM +0200, Andreas Barth wrote:
> Builds done on a machine
You have to ask the same with the focus on developer machines. They are
also used to build packages.
Bastian
--
You! What PLANET is this!
-- McCoy, "The City on the Edge of Forever", stardate 3134.0
| |
| Jan Nieuwenhuizen 2004-09-02, 6:55 pm |
| Martin Michlmayr writes:
> * John Hasler <john@dhh.gt.org> [2004-08-31 09:36]:
>
> How do you know the binary was created from the source they sent you?
And if you could find that out, how do you know the compiler she used
can be trusted?
Jan.
--
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond - The music typesetter
http://www.xs4all.nl/~jantien | http://www.lilypond.org
| |
| John Hasler 2004-09-02, 6:55 pm |
| I wrote:
> By receiving both binary and source, verifying as you would with a full
> upload, and then uploading only the binary?
Pasc writes:
> How do you know the source matches the binary?
You build it, of course. Isn't that what sponsors are always supposed to
do?
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
| |
| Andreas Schuldei 2004-09-02, 6:55 pm |
| * John Hasler (john@dhh.gt.org) [040831 17:36]:
> You build it, of course. Isn't that what sponsors are always supposed to
> do?
actually, this thread is exactly about this and how wrong it is
exactly to just sign and upload a binary you have not built yourself.
| |
| Andreas Barth 2004-09-02, 6:55 pm |
| * John Hasler (john@dhh.gt.org) [040831 16:40]:
> Colin Watson writes:
> By receiving both binary and source, verifying as you would with a full
> upload, and then uploading only the binary?
I would call this naive. For sourcefull sponsoring, you need to
rebuild on your own system, to prevent trojans in the binary. And if
you rebuild, why call it "binary sponsoring" at all then? Just call it
"you were hinted to do a rebuild".
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
| |
| Colin Watson 2004-09-02, 6:55 pm |
| On Tue, Aug 31, 2004 at 10:33:32AM -0500, John Hasler wrote:
> I wrote:
>
> Pasc writes:
>
> You build it, of course. Isn't that what sponsors are always supposed to
> do?
That's the whole point. The sponsored binary uploads that have been
taking place are normally on unusual architectures, though.
--
Colin Watson [cjwatson@flatline.org.uk]
| |
| John Hasler 2004-09-02, 6:55 pm |
| Colin Watson writes:
> The sponsored binary uploads that have been taking place are normally on
> unusual architectures, though.
Then the sponsors just have to acquire access to the appropriate machines.
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
| |
| Goswin von Brederlow 2004-09-02, 6:55 pm |
| John Hasler <john@dhh.gt.org> writes:
> I wrote:
>
> Pasc writes:
>
> You build it, of course. Isn't that what sponsors are always supposed to
> do?
No, this was purely about porting NMUs. Uploading a binary for an arch
not uploaded by the maintainer.
MfG
Goswin
| |
| John Hasler 2004-09-02, 6:55 pm |
| Goswin writes:
> No, this was purely about porting NMUs. Uploading a binary for an arch
> not uploaded by the maintainer.
So you are saying that it is ok for a DD to blindly upload a binary
supplied to him by a non-DD?
--
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI
| |
| Andreas Schuldei 2004-09-02, 6:55 pm |
| * John Hasler (john@dhh.gt.org) [040831 19:16]:
> Goswin writes:
>
> So you are saying that it is ok for a DD to blindly upload a binary
> supplied to him by a non-DD?
e.g. your wife or Alexander Viro, whose kernel package you
are probably running right now?
personal trust exists even outside the debian web of trust.
| |
| Andreas Metzler 2004-09-02, 6:55 pm |
| On 2004-08-31 John Hasler <john@dhh.gt.org> wrote:
> Goswin writes:
> So you are saying that it is ok for a DD to blindly upload a binary
> supplied to him by a non-DD?
No (at least not in the message you responded to), he just pointed
you to the fact /this/ thread is about porting NMUs.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
| |
| Frank Küster 2004-09-02, 6:55 pm |
| John Hasler <john@dhh.gt.org> wrote:
> Colin Watson writes:
>
> Then the sponsors just have to acquire access to the appropriate machines.
root access? Sole root access?
Regards, Frank
--
Frank Küster, Biozentrum der Univ. Basel
Abt. Biophysikalische Chemie
| |
| John Hasler 2004-09-02, 6:55 pm |
| I wrote:
> So you are saying that it is ok for a DD to blindly upload a binary
> supplied to him by a non-DD?
Andreas Schuldei writes:
> e.g. your wife or Alexander Viro, whose kernel package you are probably
> running right now?
I won't blindly upload a binary package supplied to me by anyone. When I
sign and upload a package I am saying that I built and tested it.
> personal trust exists even outside the debian web of trust.
You would appear to be implying that each DD can decide on his own who is
to be allowed to do binary uploads.
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
| |
| Goswin von Brederlow 2004-09-02, 6:55 pm |
| John Hasler <john@dhh.gt.org> writes:
> Goswin writes:
>
> So you are saying that it is ok for a DD to blindly upload a binary
> supplied to him by a non-DD?
> --
> John Hasler
> john@dhh.gt.org (John Hasler)
> Dancing Horse Hill
> Elmwood, WI
Not blindly. Only if he/she trusts the non-DD enough. Having known
someone for years and having met them in person certainly helps there.
I also wouldn't blindly give a DD root access to my machine, which is
what he/she needs to admin a buildd.
MfG
Goswin
| |
| John Hasler 2004-09-02, 6:55 pm |
| I wrote:
> Then the sponsors just have to acquire access to the appropriate machines.
Frank Küster writes:
> root access? Sole root access?
That's a different question, isn't it?
--
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI
| |
| Colin Watson 2004-09-02, 6:55 pm |
| On Tue, Aug 31, 2004 at 08:03:26PM +0200, Goswin von Brederlow wrote:
> John Hasler <john@dhh.gt.org> writes:
>
> Not blindly. Only if he/she trusts the non-DD enough.
It is not for that developer to decide. The set of people with the
privilege of making binary uploads to the Debian archive are in a
position of trust with respect to all Debian users.
Transitive trust should not be encouraged.
--
Colin Watson [cjwatson@flatline.org.uk]
| |
| Thiemo Seufer 2004-09-02, 6:55 pm |
| John Hasler wrote:
> I wrote:
>
> Frank Küster writes:
>
> That's a different question, isn't it?
If you don't trust the machine's operator, then even root access isn't
good enough. If you trust him, the DD/non-DD distinction is moot.
Thiemo
| |
| Frank Küster 2004-09-02, 6:55 pm |
| John Hasler <john@dhh.gt.org> wrote:
> I wrote:
>
> Frank Küster writes:
>
> That's a different question, isn't it?
In fact it isn't. How can you trust the compiler, toolchain etc. on a
system you haven't set up yourself?
Regards, Frank
--
Frank Küster, Biozentrum der Univ. Basel
Abt. Biophysikalische Chemie
| |
| Marc Haber 2004-09-02, 6:55 pm |
| On Tue, 31 Aug 2004 11:09:58 +0100, Steve McIntyre <steve@einval.com>
wrote:
>Colin Watson writes:
>
>Seconded.
You are aware that many buildds are run by non-DDs and thus need
sponsored binary uploads to get the debs into the archive? Removing
all sponsored binaries means removing most of m68k, for example, if I
recall correctly.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 3215
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 3129
| |
| Marc Haber 2004-09-03, 5:52 pm |
| On Thu, 02 Sep 2004 10:34:14 +0100, Steve McIntyre <steve@einval.com>
wrote:
>Marc Haber writes:
>
>Yes, I am aware of that. That still does not justify sponsored binary
>uploads IMHO. I know I'm not alone in that opinion...
Looks like what I was fearing has already happened. We have lost about
a third of our buildd network, thus moving sarge behind even more.
It definitely looks like this Distribution does not care any more
about its users, but only about politics and religions. It's a bloody
shame.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 3215
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 3129
| |
| Manoj Srivastava 2004-09-03, 5:52 pm |
| On Fri, 03 Sep 2004 18:25:24 +0200, Marc Haber <mh+debian-devel@zugschlus.de> said:
> Looks like what I was fearing has already happened. We have lost
> about a third of our buildd network, thus moving sarge behind even
> more.
Since when have we placed arbitrary deadlines above quality? If
a third of our build network was not trusted by the delegates in
charge of Debian's buildds, the solution is to get more trusted
buildd machines, not to shove packages in willy-nilly.
> It definitely looks like this Distribution does not care any more
> about its users, but only about politics and religions. It's a
> bloody shame.
Bull-XXXXing-shit. Shoving packages from dubious build
machines is just as well not caring for the users. In this day and
age people not even giving a passing nod to security issues is a
bloody shame too.
manoj
--
I like work; it fascinates me; I can sit and look at it for hours.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
| |
| Thomas Bushnell BSG 2004-09-03, 5:52 pm |
| Manoj Srivastava <srivasta@debian.org> writes:
> Since when have we placed arbitrary deadlines above quality? If
> a third of our build network was not trusted by the delegates in
> charge of Debian's buildds, the solution is to get more trusted
> buildd machines, not to shove packages in willy-nilly.
So I think it's a shame that we now have fewer buildd machines than
before, but I respect the relevant people's judgment to do the right
thing; it's a complicated issue and I have no particular reason to
think that my ideas would be any better than those officially in
charge of that part of the Project.
But that means, I think, that what we want is more buildd's, that meet
the security concerns of the people in charge of buildds.
Surely we have enough money to buy some. We have a good idea of which
archs are having trouble keeping up: arm, mips, mipsel, sometimes
ia64 and m68k. Maybe that's not entirely right, but again, the buildd
people should know which ones need the most attention.
It might well not happen in time for sarge, but it would be nice to
think a little ahead too. So what do we need to do to increase the
number of buildds? We surely have the cash to buy a few boxes, and we
have people who will house them for us, right?
Thomas
| |
| Marc Haber 2004-09-03, 5:52 pm |
| On Fri, 03 Sep 2004 13:18:21 -0500, Manoj Srivastava
<srivasta@debian.org> wrote:
> Bull-XXXXing-shit. Shoving packages from dubious build
> machines is just as well not caring for the users. In this day and
> age people not even giving a passing nod to security issues is a
> bloody shame too.
Some of these dubious machines have been acceptable for years. We're
becoming "päpstlicher als der Papst".
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 3215
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 3129
| |
| Florian Weimer 2004-09-03, 5:52 pm |
| * Manoj Srivastava:
> On Fri, 03 Sep 2004 18:25:24 +0200, Marc Haber <mh+debian-devel@zugschlus.de> said:
>
>
>
> Since when have we placed arbitrary deadlines above quality?
I don't think our concerns are related to quality, but about how much
someone is allowed to do for Debian without being a club member. From
a formal point of view, it's certainly not acceptable that someone
who's been denied membership tries to bypass these safeguards.
It's quite unfortunate that this problem shows up at this particular
time, though.
> If a third of our build network was not trusted by the delegates in
> charge of Debian's buildds, the solution is to get more trusted
> buildd machines, not to shove packages in willy-nilly.
Trust is only loosely related to quality.
> Bull-XXXXing-shit. Shoving packages from dubious build
> machines is just as well not caring for the users. In this day and
> age people not even giving a passing nod to security issues is a
> bloody shame too.
Our users are willing to sacrifice some security so that they can run
Debian. Switching off buildds won't resolve Debian's inherent
security problems. It won't make Debian acceptable to those who so
far had to refrain from using it, either.
| |
| Manoj Srivastava 2004-09-04, 5:51 pm |
| On Fri, 03 Sep 2004 21:14:27 +0200, Marc Haber <mh+debian-devel@zugschlus.de> said:
> On Fri, 03 Sep 2004 13:18:21 -0500, Manoj Srivastava
> Some of these dubious machines have been acceptable for years. We're
> becoming "päpstlicher als der Papst".
Things were different in the halcyon days of yore. I ran open
relays, we had real guest accounts which could send mail, we had
anonymous telnet redirectors on open dial-in lines, and a nice
trusting computing environment.
So talking about how things used to be is of marginal
utility. We are trying to determine what is reasonable for the
project now.
manoj
ps: if you want to talk about the good old days before the great
usenet renaming, drop me a line off-list.
--
Wasn't there something about a PASCAL programmer knowing the value of
everything and the Wirth of nothing?
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
| |
| Manoj Srivastava 2004-09-04, 5:51 pm |
| On Fri, 03 Sep 2004 21:56:27 +0200, Florian Weimer <fw@deneb.enyo.de> said:
> * Manoj Srivastava:
> I don't think our concerns are related to quality, but about how
> much someone is allowed to do for Debian without being a club
> member.
It is not merely membership in a club; the underlying principle
behind acceptance (either to debian, or the list of buildd's) has
been one of trust, as well as a threshold of competence, as
determined by the people in charge (or the gating mechanism).
> From a formal point of view, it's certainly not acceptable
> that someone who's been denied membership tries to bypass these
> safeguards.
> It's quite unfortunate that this problem shows up at this particular
> time, though.
> Trust is only loosely related to quality.
Quite. But a trusted (they are not likely to maliciously
inject code into packages) but incompetent (uhh, what's linux?)
entities are unlikely to find acceptance. So the selection criteria
is broader than just security concerns.
> Our users are willing to sacrifice some security so that they can
> run Debian.
Really? How can you tell? Or are we merely debating
proof-by-assertion? I sure as hell would not run Debian if it made
this kind of a compromise for popularity over quality all the time.
> Switching off buildds won't resolve Debian's inherent security
> problems.
Not again. No, no one thing can *EVER* resolve all of
Debian's inherent security problems. But every little bit can help.
> It won't make Debian acceptable to those who so far had
> to refrain from using it, either.
It may make debian remain viable for some of us.
manoj
--
There's too much beauty upon this earth for lonely men to
bear. Richard Le Gallienne
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
| |
| Goswin von Brederlow 2004-09-04, 5:51 pm |
| Manoj Srivastava <srivasta@debian.org> writes:
> On Fri, 03 Sep 2004 21:56:27 +0200, Florian Weimer <fw@deneb.enyo.de> said:
Note that there were one rejected person (me), two non DDs and 5 DDs
directly involved in that group of buildds. Also the buildds were
set up following the recommendations in the big buildd flamewar a
while back to set up our own wanna-build to work without James'
wanna-build. No one ever mentioned that buildds must be sanctioned or
any other restrictions for them.
Calling it bypassing safeguards makes it sound like a malicious act in my
opinion and does not apply here.
>
>
>
> Quite. But a trusted (they are not likely to maliciously
> inject code into packages) but incompetent (uhh, what's linux?)
> entities are unlikely to find acceptance. So the selection criteria
> is broader than just security concerns.
Since buildds don't do anything creative but just compile trust is the
only thing that should apply to the buildd. Competence and social
skills would apply to the buildd admin but that person already has to
be a DD.
MfG
Goswin
| |
| Russ Allbery 2004-09-04, 5:51 pm |
| Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> writes:
> Note that there were one rejected person (me), two non DDs and 5 DDs
> directly involved in that group of buildds. Also the buildds were set up
> following the recommendations in the big buildd flamewar a while back
> to set up our own wanna-build to work without James' wanna-build. No one
> ever mentioned that buildds must be sanctioned or any other restrictions
> for them.
Something that I'm a little confused about here.... Did you all turn off
your extra buildd network because someone in charge (an ftpmaster, the
DPL, etc.) told you to stop uploading the binaries they built or stopped
accepting those uploads, or did you turn them off because there was a
thread about binary NMUs in debian-devel and you felt insulted or attacked
by the opinions expressed in it? I couldn't tell just from reading the
thread, and my reaction to all of this is
likely to be substantially different depending on which it was.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
| |
| Florian Weimer 2004-09-04, 5:51 pm |
| * Goswin von Brederlow:
>
> Note that there were one rejected person (me), two non DDs and 5 DDs
> directly involved in that group of buildds. Also the buildds were
> set up following the recommendations in the big buildd flamewar a
> while back to set up our own wanna-build to work without James'
> wanna-build. No one ever mentioned that buildds must be sanctioned or
> any other restrictions for them.
How is this related to buildds anyway? Didn't you announce a
_non-binary_ NMU of a questionable change, on behalf of the unofficial
amd64 release team?
Obviously, if Debian relies on non-DD buildds, there has to be some
degree of binary-only NMUs which come, in essence, from non-DDs. But
this shouldn't imply that these people have archive access in the way
DDs have.
| |
| Blars Blarson 2004-09-04, 8:47 pm |
| In article <878ybr5gie.fsf@becket.becket.net> tb@becket.net writes:
>So I think it's a shame that we now have fewer buildd machines than
>But that means, I think, that what we want is more buildd's, that meet
>the security concerns of the people in charge of buildds.
>
>Surely we have enough money to buy some. We have a good idea of which
>archs are having trouble keeping up: arm, mips, mipsel, sometimes
>ia64 and m68k. Maybe that's not entirely right, but again, the buildd
>people should know which ones need the most attention.
Rather than the machines themselves, I think it is more a problem of
secure locations to house them with power, air conditioning, network
access, and physical access for either a DD maintaining the particular
machine or a DSA team member that has the time needed. Older machines
may be near the end of their life. Strange machines may require
specialized knowledge to maintain.
Also there is a need for DDs willing to run the buildd, sign the
uploads, file ftbfs bugs, and manipulate the buildd status of
packages. The latter two are tasks that could be done by a buildd NM,
with the manipulations being sponsored by a DD, without compromising
the Debian archives.
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
With Microsoft, failure is not an option. It is a standard feature.
| |
| Goswin von Brederlow 2004-09-05, 2:47 am |
| Russ Allbery <rra@stanford.edu> writes:
> Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> writes:
>
>
> Something that I'm a little confused about here.... Did you all turn off
> your extra buildd network because someone in charge (an ftpmaster, the
> DPL, etc.) told you to stop uploading the binaries they built or stopped
> accepting those uploads, or did you turn them off because there was a
> thread about binary NMUs in debian-devel and you felt insulted or attacked
> by the opinions expressed in it? I couldn't tell just from reading the
> thread, and my reaction to all of this is
> likely to be substantially different depending on which it was.
Two RMs and later some DDs expressed their wish that uploading of
packages not built under the DD's direct control should cease immediately
so I shut down the wanna-build and thereby all connected buildds.
What bugs me is that last time when we complained that James does not
react to buildd applications we were told to work without him since he
is not necessary to work a buildd and now some of the same people say
we shouldn't have.
One just can't win.
> --
> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
MfG
Goswin
| |
| Goswin von Brederlow 2004-09-05, 2:47 am |
| Florian Weimer <fw@deneb.enyo.de> writes:
> * Goswin von Brederlow:
>
>
> How is this related to buildds anyway? Didn't you announce a
> _non-binary_ NMU of a questionable change, on behalf of the unofficial
> amd64 release team?
The initial topic was fixing bug #241689 and completely unrelated to
anything past the second or third mail. I expressed my intention to
prepare a source NMU to fix an FTBFS amd64 bug and then there was a
ping-pong with the maintainer to reach a compromise what that fix
should contain. Nothing questionable but totally unrelated to
the rest of the thread.
> Obviously, if Debian relies on non-DD buildds, there has to be some
> degree of binary-only NMUs which come, in essence, from non-DDs. But
Which now isn't OK any longer. Non-DDs are untrusted (as in haven't
been declared trusted and no DD on its own can decide that for Debian).
> this shouldn't imply that these people have archive access in the way
> DDs have.
That was never in question.
MfG
Goswin