Steve McIntyre writes ("Bug#914897: tech-ctte: Should debootstrap disable merged /usr by default?"): > There is a deeper worry about builds that may be done against the > "weak" background. Although buildd chroots are easily fixed up, > there's going to be a (small, but unknown) set of maintainers who > might be uploading binaries from merged systems. I think we're making > good progress on source-only uploads and building in clean chroots > etc., but... It's also likely not easy to pick up on "wrong" binary > packages built this way.
I think this is a valid concern but puts it far too narrowly. There is a persistent misunderstanding embodied in your comments here (or rather, embodied in a significant omission): the notion that the only reason to build a package on a Debian system is for upload to Debian. Once I put it like that, this notion is obviously false. What is happening is that the conversation is focusing on our own needs, within Debian to help us produce Debian, to the exclusion of the needs of our users. That is a natural tendency of course, but we must resist it. Back in the wider world, of course many people build packages on Debian systems for installation `somewhere else'. I have done it myself and probably many of the people reading this message have too. What is implicitly going on here is that it is mostly-tacitly[2] being assumed (or declared) that `I built this .deb on my laptop[1] and gave it to my friend' is wrongheaded. I don't think doing that is wrongheaded. Certainly it is extremely common; we don't have any public pronouncements saying it is somehow wrong; and we have had little discussion where we as a project decided that this was now a use case which we feel free to just break. Personally I think that this is a very important thing to keep working. It is the very core of users' collective software freedom. And that software freedom needs to be easy to exercise in practice. Despite a lot of excellent tooling, chroots are still not entirely trivial to set up and maintain. I would invite the TC to read this manpage, which is trying to explain to a Debian user how to change the programs on their own computer https://manpages.debian.org/stretch-backports/dgit/dgit-user.7.en.html and then consider how much even worse it would be if we had to write about chroots too. To TC members who are minded to uphold the current approach, I would ask: can you please explicitly state your opinion on this ? That is: Is it OK for a Debian user to build .deb on their laptop and give it to their friend ? If it is OK, how will we make sure that it does not pointlessly break ? I readily admit that there are many ways that this can produce a result significantly different to the official Debian package, particularly because the package build system may configure itself differently in the the presence of unexpected. The resulting package is probably not going to be suitable for wide distribution. But those kind of problems are (a) not serious in practice (b) generally have obvious symptoms and (c) are easily worked around by various means. Working around a usrmerge-generated failure is difficult; it usually involves doing serious violence to the upstream build system, or perhaps horrific rules file bodges. Thanks, Ian. [1] Implicitly, without using a chroot. [2] IIRC some people suggested this explicitly in the thread in d-devel. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.