On Tue, May 24, 2016 at 05:27:16PM +0200, Karsten Hilbert wrote:
> > https://github.com/openaps/openaps
> >
> > to assemble a bunch of off-the shelf components to establish a feedback
> > loop to control blood sugar levels.
> >
> > Their philosophy is that to comply with FDA regulations the device
> > should not be sold, it is up to the individuals and their parents to
> > establish it all, on their very own responsibility this means.
> >
> > I am tempted to just go and package it.
>
> +1
+1
> > At the same time, any stupid
> > problem with anything (not necessarily within OpenAPS itself) could have
> > severe consequences, which includes death or brain damage. On the other
> > hand, especially the continuous integration checking of Debian is
> > helpful to spot some library inconsistencies upfront. There is also the
> > possibility to only offer the package in unstable (with an artificial RC
> > bug to prevent a migration to testing),
>
> +1
-1
> > so we could for instance offer
> > the continuous integration only and motivate the development of
> > respective tests by the community and see how things develop.
> >
> > So, how do you feel? Should we duck or cover it?
>
> Maybe one could add a fake alternative "openaps" which is set to
> /bin/false and must be set to /usr/bin/openaps-whatever manually
> by the user ? On every upgrade debconf could be used to force
> the user to re-decide whether it should stay active, default to
> inactive.
Well, if we try to create a package than we are doing this since we are
the experts in doing installations and we can do this usually better
than a random user. We are trying our best to let things perform
correctly. Imagine we install gpg that way and tell the user that we
are not sure whether encryption will work correctly and thus he is doing
on its on responsibility by confirming a debconf question. This does
not sensible in this case neither does it for OpenAPS.
What we should probably do is asking a lawyer about the consequences if
some harm was done to somebody who was using a device running a Debian
package and what the difference would be if somebody would have been
harmed by running an own installation. This should be documented inside
the packaging and probably the text of the
Files: debian/*
paragraph in debian/copyright should be well designed.
Kind regards
Andreas.
--
http://fam-tille.de
