On 14-Nov-05, 20:22 (CST), Pierre THIERRY [EMAIL PROTECTED] wrote:
You trust them, but not any user of Debian will want to trust them so
much. Some will want some degree of confidence that the binaries are
clean...
Then they need to download the source, examine it, and build the binary.
Scribit Manoj Srivastava dies 11/11/2005 hora 22:35:
You gotta start trusting somewhere. Our web of trust starts with the
Developers in the keyring, we trust these people not to muck with the
binaries.
You trust them, but not any user of Debian will want to trust them so
much. Some will want
Scribit Josselin Mouette dies 12/11/2005 hora 18:37:
It was already suggested to accept only source+binary uploads, but to
rebuild the binaries on the upload's architecture anyway.
Has there been a consensus on rejecting that solution?
Curiously,
Nowhere man
--
[EMAIL PROTECTED]
OpenPGP
Le vendredi 11 novembre 2005 à 23:19 +0100, Jose Carlos Garcia Sogo a
écrit :
Sorry, Joss, but I can't believe disk space can be a problem nowadays.
Of course you can be short of disk space, but a 160GB HDD is quite
affordable, and you can cache Debian lot of times there.
I can't believe I'm
Le samedi 12 novembre 2005 à 02:29 +0100, Pierre THIERRY a écrit :
And I see a rationale for allowing them: what prevents a DD to upload
binaries that include exploits or some trojan code, along with a clean
source?
It was already suggested to accept only source+binary uploads, but to
rebuild
On Fri, Nov 11, 2005 at 12:18:00AM +0100, Joerg Jaspert wrote:
On 10469 March 1977, Josselin Mouette wrote:
I can't see the rationale for rejecting source uploads, and they used to
be accepted in the past.
Because people then fuck up their packages even more.
No, they havent been
Le vendredi 11 novembre 2005 à 00:55 +0100, Bernd Eckenfels a écrit :
In article [EMAIL PROTECTED] you wrote:
Why is this the case ? I'm running with experimental GNOME packages; if
I upload a binary package depending on them, it will be uninstallable on
unstable systems.
How can you
On 11/10/05, Peter Samuelson [EMAIL PROTECTED] wrote:
[Josselin Mouette]
I can't see the rationale for rejecting source uploads, and they used
to be accepted in the past.
It's the first line of defense against people uploading things that
don't build, wasting various infrastructure
[Brian Nelson]
Oh, so Ubuntu packages are fucked up more by their maintainers more
than Debian packages are?
Yes, or so it's been alleged.
Not being a user of ubuntu unstable, I can't confirm or deny.
signature.asc
Description: Digital signature
El jue, 10-11-2005 a las 23:43 +0100, Josselin Mouette escribió:
Le jeudi 10 novembre 2005 à 23:00 +0100, Adeodato Simó a écrit :
* Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
(And don't tell me to use pbuilder, I don't have the disk space nor the
bandwidth for it.)
Why
Scribit Josselin Mouette dies 10/11/2005 hora 22:45:
Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
Rejected: source only uploads are not supported.
I can't see the rationale for rejecting source uploads, and they used
to be accepted in the past.
And I see a rationale
On Sat, 12 Nov 2005 02:29:56 +0100, Pierre THIERRY [EMAIL PROTECTED] said:
Scribit Josselin Mouette dies 10/11/2005 hora 22:45:
Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
Rejected: source only uploads are not supported.
I can't see the rationale for rejecting source
Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
Rejected: source only uploads are not supported.
Why is this the case ? I'm running with experimental GNOME packages; if
I upload a binary package depending on them, it will be uninstallable on
unstable systems.
I can't see the
* Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
(And don't tell me to use pbuilder, I don't have the disk space nor the
bandwidth for it.)
Why bandwidth? Several systems exist to cache debs so they don't have
to be fetched from the net each time they're used (apt-cacher,
apt-proxy,
Le jeudi 10 novembre 2005 à 23:00 +0100, Adeodato Simó a écrit :
* Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
(And don't tell me to use pbuilder, I don't have the disk space nor the
bandwidth for it.)
Why bandwidth? Several systems exist to cache debs so they don't have
to
[Josselin Mouette]
I can't see the rationale for rejecting source uploads, and they used
to be accepted in the past.
It's the first line of defense against people uploading things that
don't build, wasting various infrastructure resources.
Perhaps what you need is for someone to set up an
On Thu, Nov 10, 2005 at 11:43:26PM +0100, Josselin Mouette wrote:
Le jeudi 10 novembre 2005 à 23:00 +0100, Adeodato Simó a écrit :
* Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
(And don't tell me to use pbuilder, I don't have the disk space nor the
bandwidth for it.)
Why
On Thu, Nov 10, 2005 at 04:49:08PM -0600, Peter Samuelson wrote:
[Josselin Mouette]
I can't see the rationale for rejecting source uploads, and they used
to be accepted in the past.
It's the first line of defense against people uploading things that
don't build, wasting various
Le jeudi 10 novembre 2005 à 17:49 -0500, Roberto C. Sanchez a écrit :
Why not get someone else that has sufficient bandwidth/diskspace to
build it in a pbuilder and upload for you?
That's the obvious solution, but it just makes things more complicated.
I was wondering the rationale behind
On Thu, Nov 10, 2005 at 10:45:20PM +0100, Josselin Mouette wrote:
I can't see the rationale for rejecting source uploads, and they used to
be accepted in the past.
AFAIK, this is false. Source-only uploads were never allowed in Debian.
Gruesse,
--
Frank Lichtenheld [EMAIL PROTECTED]
www:
On 10469 March 1977, Josselin Mouette wrote:
Rejected: source only uploads are not supported.
I can't see the rationale for rejecting source uploads, and they used to
be accepted in the past.
Because people then fuck up their packages even more.
No, they havent been accepted in the past.
Joerg Jaspert [EMAIL PROTECTED] writes:
On 10469 March 1977, Josselin Mouette wrote:
Rejected: source only uploads are not supported.
I can't see the rationale for rejecting source uploads, and they used to
be accepted in the past.
Because people then fuck up their packages even more.
In article [EMAIL PROTECTED] you wrote:
Why is this the case ? I'm running with experimental GNOME packages; if
I upload a binary package depending on them, it will be uninstallable on
unstable systems.
How can you test your packages if you dont build them?
Gruss
Bernd
--
To UNSUBSCRIBE,
23 matches
Mail list logo