Hi Bálint, On Fri, Jun 12, 2015 at 11:19:30AM +0200, Bálint Réczey wrote: > Hi Wouter, > > 2015-06-12 0:59 GMT+02:00 Wouter Verhelst <wou...@debian.org>: > > > > - I don't want to have to deal with doing a maven build in a Debian > > package. If you see what the packages' debian/rules do, ou'll see that > > we cheat for eid-viewer. > > This does not sound like building a binary we could trust.
It isn't appropriate for inclusion in Debian, that much I agree with. It should be trustworthy, though. > > - The packages exist mostly to support cards that have a limited > > validity. When they're no longer valid, you return the old one and get > > a new one. Sometimes, it happens that the newer cards have a bug, or > > have a new feature, or some such, which means that the old version of > > the software doesn't really work anymore, and you need a new one. > > Having older versions in the archive for years after they stop working > > turned out to be a support nightmare for upstream. > I think with wheezy-backports the situation improved a lot. The application > could check if *-backports is enabled and warn the user if it is not. You > could > keep updated versions in *-backports, thus avoiding the nightmare. This is true, to some extent, but it does not solve all my problems. We also support Ubuntu and Linux Mint, not to speak of the set of RPM-based distributions for which there are packages. For the latter, it is usually possible to supply a link to a ".repo" file; for all of those distributions, tools exist to automagically configure the system so that the repository is enabled and the gpg key is added as a trusted key (after appropriate confirmation from the user). The same is not true for Debian, and I think this should be the case. I believe the answer to "how do I make a proper third-party repository" should *not* be "don't". What I'm trying to fix here is not something that will help me in the short term; indeed, due to the remaining length of the contract and the average length of a Debian release cycle, it is even possible that this won't help me anymore but will only be useful for whoever it is that will succeed me. I could start uploading to backports today, and create a PPA for ubuntu, and continue to maintain third-party repositories for fedora, centos, and opensuse. But that would mean I have to upload packages to three different places. It would also mean that the workflow for providing the results of my continuous integration builds would be significantly different from the results of the "regular" builds. This would all be undesirable. To clarify: the reason that I mailed to -devel was not "please help me fix my problem"; instead, I did so because I believe there is a gap in our current support for third-party repositories, and because I believe this is a problem that needs fixing. Taking away my personal need for maintaining third-party repositories, while interesting in and of itself, does not actually do that; the gap would still exist for other people. Taking away the need for third-party repositories in the first place *would* help fix that, yes. By creating PPA's, improving backports support, and other similar things, it is true that the need for third-party repositories will diminish; but I don't think it will ever go away completely, and so it makes sense to improve support for such repositories. Regards, -- It is easy to love a country that is famous for chocolate and beer -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
signature.asc
Description: Digital signature