On Saturday, 05 February 2022 at 15:07 +0000, Andrew M.A. Cater wrote:
> There's a huge amount of software that's undistributable: Debian's
> good faith attempt to review this is one of the crucial arguments I
> have with $DAYJOB about the benefits of a curated distribution,
> however fallible we may be.

That is a strong point and a main difference in quality with other distributions.

> I think we should use automated tools where available, query with
> upstream where practicable, and continue doing what we're doing as
> far as possible, in my humble opinion.

I would see the screening like this:
- only source uploads are allowed (NEW and all);
- automatic building of binary packages;
- automatic tools try to find problems (licensing and all);
- as a last step, human checks for license issues in NEW and randomly on existing packages. At least if they have seen updates since their NEW review -- I'm wondering how many packages are a one-time shot?

> Reproducible builds and DEP-5 / SPDX are also crucial in improving
> everyone's quality - I don't see commercial/enterprise distributions
> doing this valuable public service but I very much value the fact
> that Debian does it, for example.

I would add our network of buildd/porterbox to the list of good things we can boast about.

Cheers,

J.Puydt