Re: PPAs for Debian

2011-05-04 Thread Stefano Zacchiroli
On Wed, May 04, 2011 at 01:23:12AM -0400, Scott Kitterman wrote:
 That depends on what you mean by 'issue'.  I think exactly the issues that
 concern some people in Debian about packages of 'poor quality' being generated
 in an uncontrolled PPA system are happening with regularity in Ubuntu.
 Although it doesn't happen every week or anything, it's happened more often
 than I can recall that someone files a bug in Ubuntu about broken PPA packages
 done by some random non-developer.  I believe Debian is quite correct to be
 concerned about the potential for user confusion and damage to Debian's
 reputation for high quality work.
 
 PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I
 think are quite another.

AOL. I think that for Project needs, PPAs accessible only to DDs + DMs
would be a good compromise to avoid random uploads. It also seems sane
in order to avoid the risk of DOS-ing buildds. It's not too constraining
either as, after all, we won't (and simply can't) block users out there
to set up their own package repositories by means other than PPA.

Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, |  .  |. I've fans everywhere
ti resta John Fante -- V. Capossela ...| ..: |.. -- C. Adams


signature.asc
Description: Digital signature


Re: PPAs for Debian

2011-05-04 Thread Roland Mas
Mike Hommey, 2011-05-04 07:57:47 +0200 :

[...]

 Add to that that allowing random people to upload packages to be built
 on Debian build daemons is a recipe to have the buildds compromised.

  My initial idea about how one would go about implementing them
involved very strict isolation of the builds (either with LXC or a more
heavy-handed virtualisation system).  Not going to be very efficient in
the slow path, but the scope of a compromise would be a temporary
environment that's going to be thrown away in a minute or so and never
reused.

Roland.
-- 
Roland Mas

Shyumiribirikku ga susunde imashyou ka ?
  -- Le Schmilblick en japonais


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/874o5bszlj@mirexpress.internal.placard.fr.eu.org



Re: PPAs for Debian

2011-05-04 Thread Marc 'HE' Brockschmidt
Heya,

Roland Mas lola...@debian.org writes:
 Mike Hommey, 2011-05-04 07:57:47 +0200:
 Add to that that allowing random people to upload packages to be built
 on Debian build daemons is a recipe to have the buildds compromised.
   My initial idea about how one would go about implementing them
 involved very strict isolation of the builds (either with LXC or a more
 heavy-handed virtualisation system).  Not going to be very efficient in
 the slow path, but the scope of a compromise would be a temporary
 environment that's going to be thrown away in a minute or so and never
 reused.

If anyone would have actually read the PPA proposal, they would know
that uploads were and are intended to be restricted to DDs and DMs
(which can break buildds anyway, if they want) and building should
happen in throw-away chroots (not for security, but "don't mess with my
system" reasons).

Marc




Re: PPAs for Debian

2011-05-04 Thread Brian May
On 4 May 2011 15:23, Scott Kitterman deb...@kitterman.com wrote:

 That depends on what you mean by 'issue'.  I think exactly the issues that
 concern some people in Debian about packages of 'poor quality' being generated
 in an uncontrolled PPA system are happening with regularity in Ubuntu.
 Although it doesn't happen every week or anything, it's happened more often
 than I can recall that someone files a bug in Ubuntu about broken PPA packages
 done by some random non-developer.  I believe Debian is quite correct to be
 concerned about the potential for user confusion and damage to Debian's
 reputation for high quality work.


I don't personally see this as an issue, I think it is clear that Ubuntu
hosted PPAs are not controlled by Ubuntu, and as such the quality may vary
widely. If you don't trust the person making the archive, don't use it. If
the files look seriously old, don't use it. As for bug reports being filed
at the wrong place, this will always be an issue with or without the
PPAs.

Also I believe anybody can already get an account and upload files to alioth
- I don't believe we have a problem with poor quality files being uploaded
by random developers. Or if this is an issue, maybe we should restrict
alioth to developers only too?

I personally use my Ubuntu PPA for my Django based libraries; I don't think
it is reasonable to put every Django application/library I
develop immediately in Debian main, but this does not imply that the quality
is lacking in these packages.

It makes sense to have a central system everyone can use, manually setting
up private repositories that support automatic uploads, autobuilding, etc,
is a reasonably complicated task, using time that could be better spent on
improving the quality of the packages.
-- 
Brian May br...@microcomaustralia.com.au


Re: PPAs for Debian

2011-05-04 Thread Roland Mas
Marc 'HE' Brockschmidt, 2011-05-04 10:42:31 +0200 :

 Heya,

 Roland Mas lola...@debian.org writes:
 Mike Hommey, 2011-05-04 07:57:47 +0200:
 Add to that that allowing random people to upload packages to be built
 on Debian build daemons is a recipe to have the buildds compromised.
   My initial idea about how one would go about implementing them
 involved very strict isolation of the builds (either with LXC or a more
 heavy-handed virtualisation system).  Not going to be very efficient in
 the slow path, but the scope of a compromise would be a temporary
 environment that's going to be thrown away in a minute or so and never
 reused.

 If anyone would have actually read the PPA proposal, they would know
 that uploads were and are intended to be restricted to DDs and DMs
 (which can break buildds anyway, if they want) and building should
 happen in throw-away chroots (not for security, but don't mess with my
 system reasons).

  Oh, we're in full agreement, no question about that :-) I'm sorry I
didn't read the proposal, I was only trying to debunk a misapprehension
(and, possibly, nudge implementers into a way that would be helpful in a
more general case than the Debian PPA, such as… other users of
FusionForge, for instance).  My view is that PPAs should be handled as a
particular case of a more general architecture for continuous
integration (or autobuilding) in the forge.  My point of view is biased,
but I'm pretty sure we could find other use cases for builds *besides*
packages.  Customized CD images, possibly, or datasets or tdebs or
whatnot.

Roland.
-- 
Roland Mas

Sauvez un arbre, tuez un castor.





Re: PPAs for Debian

2011-05-04 Thread René Mayorga
On Wed, May 04, 2011 at 08:28:00AM +0200, Stefano Zacchiroli wrote:
 On Wed, May 04, 2011 at 01:23:12AM -0400, Scott Kitterman wrote:
  I believe Debian is quite correct to be 
  concerned about the potential for user confusion and damage to Debian's 
  reputation for high quality work.
  
  PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I
  think are quite another.
 
 AOL. I think that for Project needs, PPAs accessible only to DDs + DMs

Maybe we should think about not using the «PPAs» name, so there will be less
confusion about the kind of service being discussed, and in the long term it
will be less confusing for users as well.

I recall «debhub» being used early, or maybe «DebSandBox».

Cheers

--
René




Re: PPAs for Debian

2011-05-04 Thread Gunnar Wolf
Stefano Zacchiroli dijo [Sat, Apr 30, 2011 at 12:56:15PM +0200]:
  I think it would make quite sense to get something like e.g. ppa done for
  Debian. But thats something else than it's proposed here.
 
 Yes, absolutely. I'd even dare to say that having something like PPA for
 Debian is a priority. It would be yet another way to enable people to
 experiment with big changes in Debian, showing their value, with minimum
 impact on the work of others.

Fully agree here.

 It happens that I've a recent update on this topic to share. There were
 some concerns about the need of something like a NEW queue for Debian's
 PPA, for legal reasons. I had a long phone call with SPI lawyer about
 this just yesterday. It turns out that there are a few provisions we
 should follow to stay on the safe side, but there is no specific blocker
 either. We can go ahead, individual maintainers will be responsible of
 what they upload / distribute via PPA.

Here I think we would be facing two different use cases, which impose
very different results:

• A PPA-like can be used by a Debian-related person (DD/DM/Dwhatever),
  and we trust the credentials they have already presented as personal
  identification (so what you stated can be held)

• But at least AFAICT, Canonical's PPAs allow also non-Ubuntu-related
  people to maintain their own repositories. That's a great way for
  them to start getting acquainted with the technical processes and get
  closer to becoming officially affiliated. I have also seen it as a
  common distribution channel for independent projects.

The second use case might be what I feel as most attractive - Yes, I
maintain a couple of personal apt repos with things not really
suitable for Debian, some of which I could move to a PPA were it
available, but a non-Debianer might find it harder (and less
motivating) to learn the details of setting up his repo.

But we should then look into how we can ensure personal identification
- Would we keep the key reachability requirement? I think it's the
least we could do. If contributors cannot be identified, then I guess
responsibility would fall upon the project, as infrastructure
providers, right?

Greetings,





Re: PPAs for Debian

2011-05-04 Thread Gunnar Wolf
Paul Tagliamonte dijo [Wed, May 04, 2011 at 12:16:54AM -0400]:
  AFAIU, only DD and DM could create PPA and upload to them. If this is not
  the case, then I share your fears.
 
 Usage of the PPA system on LP requires that you agree to the usage
 terms (not unlike machine usage policies for Debian).
 
 We let non-MOTU upload to their own PPAs (has their name in the URL),
 and if nonfree (or malicious) packages are uploaded, they can have PPA
 rights removed.

How do you ensure the identity of the uploaders? If my account gets
forbidden, what protection is there so I don't just create a new one?





Re: PPAs for Debian

2011-05-04 Thread Gunnar Wolf
Marc 'HE' Brockschmidt dijo [Wed, May 04, 2011 at 10:42:31AM +0200]:
 (...)
 If anyone would have actually read the PPA proposal, they would know
 that uploads were and are intended to be restricted to DDs and DMs
 (which can break buildds anyway, if they want) and building should
 happen in throw-away chroots (not for security, but don't mess with my
 system reasons).

Oh... well, I took some time today to read through this gigantic
thread (expecting erupting flames but finding very interesting
discussions instead!), and had not reached this point. If Debian-PPAs
are to be limited to DDs and DMs (and I'd add non-uploading DDs), my
points about identifications can be perfectly ignored.





Re: PPAs for Debian

2011-05-04 Thread Scott Kitterman
On Wednesday, May 04, 2011 12:34:45 PM Gunnar Wolf wrote:
 Paul Tagliamonte dijo [Wed, May 04, 2011 at 12:16:54AM -0400]:
   AFAIU, only DD and DM could create PPA and upload to them. If this is
   not the case, then I share your fears.
  
  Usage of the PPA system on LP requires that you agree to the usage
  terms (not unlike machine usage policies for Debian).
  
  We let non-MOTU upload to their own PPAs (has their name in the URL),
  and if nonfree (or malicious) packages are uploaded, they can have PPA
  rights removed.
 
 How do you ensure the identity of the uploaders? If my account gets
 forbidden, what protection is there so I don't just create a new one?

There is no protection nor any identity checks for uploaders with the Launchpad
PPAs.

Scott K





Re: PPAs for Debian

2011-05-04 Thread Pierre Habouzit
On Wed, May 04, 2011 at 01:23:12AM -0400, Scott Kitterman wrote:
 PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I 
 think are quite another.  I'd hate to see Debian make the same mistake that 
 Canonical did in this regard.

PPA on Debian infrastructure should be limited to people with a key in
the keyring.

Though we should make the software available for people to build their
own PPA infrastructure easily.

-- 
·O·  Pierre Habouzit
··O  madco...@debian.org
OOO  http://www.madism.org





Re: PPAs for Debian

2011-05-03 Thread René Mayorga
On Sat, Apr 30, 2011 at 12:56:15PM +0200, Stefano Zacchiroli wrote:
 On Sat, Apr 30, 2011 at 12:07:24PM +0200, Andreas Barth wrote:
  
  I think it would make quite sense to get something like e.g. ppa done for
  Debian. But thats something else than it's proposed here.
 
 Yes, absolutely. I'd even dare to say that having something like PPA for
 Debian is a priority. 

I do not agree on this, if the package is good enough and has somebody willing
to maintain it, the package may belong to the archive.

If the package is on the archive it will get automatic and manual QA tests, and
it can take advantage of all the already existing tools (PTS, DDPO, BTS, etc).

But if we set yet another archive that will be open for anyone (like PPA) we
will get packages with low quality, and maybe some users blaming Debian about
the quality being dropped when they confuse this and think those are official
packages/repositories.

Cheers

--
René





Re: PPAs for Debian

2011-05-03 Thread Andreas Barth
* René Mayorga (rmayo...@debian.org) [110503 22:52]:
 On Sat, Apr 30, 2011 at 12:56:15PM +0200, Stefano Zacchiroli wrote:
  On Sat, Apr 30, 2011 at 12:07:24PM +0200, Andreas Barth wrote:
   
   I think it would make quite sense to get something like e.g. ppa done for
   Debian. But thats something else than it's proposed here.
  
  Yes, absolutely. I'd even dare to say that having something like PPA for
  Debian is a priority. 
 
 I do not agree on this, if the package is good enough and has somebody willing
 to maintain it, the package may belong to the archive.

Eh, the PPAs we are speaking about are like new features to existing
packages. Yes, we need to avoid PPAs which are just dead ends.


Andi





Re: PPAs for Debian

2011-05-03 Thread Stefano Zacchiroli
On Tue, May 03, 2011 at 02:46:11PM -0600, René Mayorga wrote:
  Yes, absolutely. I'd even dare to say that having something like PPA for
  Debian is a priority. 
 
 I do not agree on this, if the package is good enough and has somebody willing
 to maintain it, the package may belong to the archive.
 
 If the package is on the archive it will get automatic and manual QA tests, and
 it can take advantage on all the already existing tools(PTS, DDPO, BTS, etc).
 
 but if we set yet another archive that will be open for anyone (like PPA) we will
 get packages with low quality, and maybe some users blaming debian about the
 quality being dropped when they confuse this and think those are official
 packages/repositories.

There are two views of PPAs, one is internal for developers, one is
external for users.

The internal for developers is offering a lightweight framework to
experiment with changes that would be otherwise unfeasible to experiment
with (for a whole lot of reasons, e.g.: it's freeze time and you can't
upload dangerous stuff; you can't use experimental because you're
already using it with another development line; you want to show that
you've valuable changes to offer also for packages you do not maintain
and with which the legitimate maintainer disagrees and wants to be
convinced you're right). According to that view, PPAs are nothing short
of a debhub (see one of the first mails from Pierre Habouzit in this
thread, who has surely described this concept better than me in this
paragraph).

The view above is the one I see as a priority for Debian, as it will
enable developers to experiment with important changes against the
inertia that plagues us (or too big size, as put down by others in
this thread).

The user view is different, it is about using PPAs to deliver non-official
packages to users. I agree that such a view might be plagued by the
problem you mention. Of course, being realistic, to have the above view
we will also need a way for the users to test packages as developers
themselves will need to test forked packages in the first place. As
long as it is clear that PPAs are not official Debian and it is not too
easy to get to them, I don't see a problem with it. After all, in that
respect what is the difference between that and unofficial APT
repositories that many of us already maintain at people.d.o/~something
or something.debian.net? Do you want to shut them down as well?

Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, |  .  |. I've fans everywhere
ti resta John Fante -- V. Capossela ...| ..: |.. -- C. Adams




Re: PPAs for Debian

2011-05-03 Thread Yaroslav Halchenko
disagree with both of you, although indeed, unless explicitly
mentioned, PPAs should not be positioned as 'official', since they
are NOT.

we already have dozens of private repositories around, and it is not for
us to judge whether they are of any use -- time and their use would show.
The role of PPAs as far as I see it is to

1. enable with ease construction of personal repositories, 

2. make them really easily available on Debian systems, 

3. CENTRALIZE their location under Debian's umbrella.   

Benefits would be numerous: from actually QAing (e.g. automatic
lintian, rebuilds etc) so that e.g. no sponsorship request is even
accepted unless package passes PPA QA, to possibly even serving them as
the possible venue for custom packaging work of the derivatives (thus
making it easier to put it into Debian proper).


On Tue, 03 May 2011, Andreas Barth wrote:
  I do not agree on this, if the package is good enough and has somebody willing
  to maintain it, the package may belong to the archive.

 Eh, the PPAs we are speaking about is like new features to existing
 packages. Yes, we need to avoid PPAs which are just dead ends.


 Andi
-- 
=--=
Keep in touch www.onerussian.com
Yaroslav Halchenko www.ohloh.net/accounts/yarikoptic





Re: PPAs for Debian

2011-05-03 Thread René Mayorga
On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote:
 On Tue, May 03, 2011 at 02:46:11PM -0600, René Mayorga wrote:
   Yes, absolutely. I'd even dare to say that having something like PPA for
   Debian is a priority. 
  
  I do not agree on this, if the package is good enough and has somebody willing
  to maintain it, the package may belong to the archive.
 
 There are two views of PPAs, one is internal for developers, one is
 external for users.
 
 The internal for developers is offering a lightweight framework to
 experiment with changes that would be otherwise unfeasible to experiment
 with (for a whole lot of reasons, e.g.: it's freeze time and you can't
 upload dangerous stuff; you can't use experimental because you're
 already using it with another development line; you want to show that
 you've valuable changes to offer also for packages you do not maintain
 and with which the legitimate maintainer disagree and want to be
 convinced you're right). According to that view, PPAs are nothing short
 of a debhub (see one of the first mails from Pierre Habouzit in this
 thread, who has surely described this concept better than me in this
 paragraph).
 
 The view above is the one I see as a priority for Debian

Great, thanks for the clarification.

 After all, in that respect what is the difference between that and
 unofficial APT repositories that many of us already maintain at
 people.d.o/~something or something.debian.net? Do you want to shut
 them down as well?

No, I was expressing over the PPA as an official service that allows users to
upload any package without any quality control.

Cheers

--
René




Re: PPAs for Debian

2011-05-03 Thread Simon McVittie
On Tue, 03 May 2011 at 14:46:11 -0600, René Mayorga wrote:
 On Sat, Apr 30, 2011 at 12:56:15PM +0200, Stefano Zacchiroli wrote:
  I'd even dare to say that having something like PPA for
  Debian is a priority. 
 
 I do not agree on this, if the package is good enough and has somebody willing
 to maintain it, the package may belong to the archive.

As I understand it, the value of PPAs (or similar) for Debian would be that
they solve the problem of "we only have one experimental".

For instance, if upstream stable branch 0.2.x is in testing, a freeze is in
progress, the current upstream stable branch is 0.4.x and they're already
making 0.5.x development releases (projects on 6-month release cycles, like
KDE, GNOME and Telepathy, can easily get into this situation), maintainers
currently end up using unstable for 0.2.x, and having to decide which is more
useful for experimental - preparing packaging for the 0.4.x stable branch,
or getting early testing for 0.5.x.

With a PPA-like thing, you could replace experimental with gnome-stable
and gnome-devel PPAs (or whatever), and have both available at the same time.

S





Re: PPAs for Debian

2011-05-03 Thread Julien Valroff
Le mercredi 04 mai 2011 à 00:02:01 (+0200 CEST), René Mayorga a écrit :
 On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote:
  After all, in that respect what is the difference between that and
  unofficial APT repositories that many of us already maintain at
  people.d.o/~something or something.debian.net? Do you want to shut
  them down as well?
 
 no, I was expressing over the PPA as an official services that allow users to
 upload any package without any quality control.

AFAIU, only DD and DM could create PPA and upload to them. If this is not
the case, then I share your fears.

Cheers,
Julien

-- 
  .''`.   Julien Valroff ~ jul...@kirya.net ~ jul...@debian.org
 : :'  :  Debian Developer  Free software contributor
 `. `'`   http://www.kirya.net/
   `- 4096R/ E1D8 5796 8214 4687 E416  948C 859F EF67 258E 26B1




Re: PPAs for Debian

2011-05-03 Thread Paul Tagliamonte
On Wed, May 4, 2011 at 12:02 AM, Julien Valroff jul...@debian.org wrote:
 Le mercredi 04 mai 2011 à 00:02:01 (+0200 CEST), René Mayorga a écrit :
 On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote:
  After all, in that respect what is the difference between that and
  unofficial APT repositories that many of us already maintain at
  people.d.o/~something or something.debian.net? Do you want to shut
  them down as well?

 no, I was expressing over the PPA as an official services that allow users to
 upload any package without any quality control.

 AFAIU, only DD and DM could create PPA and upload to them. If this is not
 the case, then I share your fears.

Usage of the PPA system on LP requires that you agree to the usage
terms (not unlike machine usage policies for Debian).

We let non-MOTU upload to their own PPAs (has their name in the URL),
and if nonfree (or malicious) packages are uploaded, they can have PPA
rights removed.

There's been one issue I can recall, and it was only a very very
slight DFSG technicality.


 Cheers,
 Julien

 --
  .''`.   Julien Valroff ~ jul...@kirya.net ~ jul...@debian.org
  : :'  :  Debian Developer  Free software contributor
  `. `'`   http://www.kirya.net/
   `-     4096R/ E1D8 5796 8214 4687 E416  948C 859F EF67 258E 26B1


Cheers,
Paul

-- 
All programmers are playwrights, and all computers are lousy actors.

#define sizeof(x) rand()
:wq





Re: PPAs for Debian

2011-05-03 Thread Scott Kitterman
On Wednesday, May 04, 2011 12:16:54 AM Paul Tagliamonte wrote:
 On Wed, May 4, 2011 at 12:02 AM, Julien Valroff jul...@debian.org wrote:
  Le mercredi 04 mai 2011 à 00:02:01 (+0200 CEST), René Mayorga a écrit :
  On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote:
   After all, in that  respect what is the difference between that and
   unofficial APT repositories that many of us already maintain at
   people.d.o/~something or something.debian.net? Do you want to shut
   them down as well?
  
  no, I was expressing over the PPA as an official services that allow
  users to upload any package without any quality control.
  
  AFAIU, only DD and DM could create PPA and upload to them. If this is not
  the case, then I share your fears.
 
 Usage of the PPA system on LP requires that you agree to the usage
 terms (not unlike machine usage policies for Debian).
 
 We let non-MOTU upload to their own PPAs (has their name in the URL),
 and if nonfree (or malicious) packages are uploaded, they can have PPA
 rights removed.
 
 There's been one issue I can recall, and it was only a very very
 slight DFSG technicality.

That depends on what you mean by 'issue'.  I think exactly the issues that 
concern some people in Debian about packages of 'poor quality' being generated 
in an uncontrolled PPA system are happening with regularity in Ubuntu.  
Although it doesn't happen every week or anything, it's happened more often 
than I can recall that someone files a bug in Ubuntu about broken PPA packages 
done by some random non-developer.  I believe Debian is quite correct to be 
concerned about the potential for user confusion and damage to Debian's 
reputation for high quality work.

PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I 
think are quite another.  I'd hate to see Debian make the same mistake that 
Canonical did in this regard.

Scott K




Re: PPAs for Debian

2011-05-03 Thread Mike Hommey
On Wed, May 04, 2011 at 01:23:12AM -0400, Scott Kitterman wrote:
 On Wednesday, May 04, 2011 12:16:54 AM Paul Tagliamonte wrote:
  On Wed, May 4, 2011 at 12:02 AM, Julien Valroff jul...@debian.org wrote:
   Le mercredi 04 mai 2011 à 00:02:01 (+0200 CEST), René Mayorga a écrit :
   On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote:
    After all, in that  respect what is the difference between that and
    unofficial APT repositories that many of us already maintain at
    people.d.o/~something or something.debian.net? Do you want to shut
    them down as well?
   
   no, I was expressing over the PPA as an official services that allow
   users to upload any package without any quality control.
   
   AFAIU, only DD and DM could create PPA and upload to them. If this is not
   the case, then I share your fears.
  
  Usage of the PPA system on LP requires that you agree to the usage
  terms (not unlike machine usage policies for Debian).
  
  We let non-MOTU upload to their own PPAs (has their name in the URL),
  and if nonfree (or malicious) packages are uploaded, they can have PPA
  rights removed.
  
  There's been one issue I can recall, and it was only a very very
  slight DFSG technicality.
 
 That depends on what you mean by 'issue'.  I think exactly the issues that
 concern some people in Debian about packages of 'poor quality' being generated
 in an uncontrolled PPA system are happening with regularity in Ubuntu.
 Although it doesn't happen every week or anything, it's happened more often
 than I can recall that someone files a bug in Ubuntu about broken PPA packages
 done by some random non-developer.  I believe Debian is quite correct to be
 concerned about the potential for user confusion and damage to Debian's
 reputation for high quality work.
 
 PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I 
 think are quite another.  I'd hate to see Debian make the same mistake that 
 Canonical did in this regard.

Add to that that allowing random people to upload packages to be built
on Debian build daemons is a recipe to have the buildds compromised.

Mike





Re: PPAs for Debian

2011-05-02 Thread Adnan Hodzic
I too believe PPA for Debian is a must have, I personally was
thinking of making my own repository where I would store packages
before having them pushed into Debian, even if it was for
experimental.

Putting packages on Ubuntu PPA just doesn't feel right, thus I fully
support this idea and would even help with realization of the same if
the time allows me.


Adnan

On Sat, Apr 30, 2011 at 1:04 PM, Andreas Barth a...@not.so.argh.org wrote:
 * Stefano Zacchiroli (lea...@debian.org) [110430 12:56]:
 What we lack for that to become a reality is just the code. Marc and
 Tollef had set up a nice proposal [1] for GSoC this year and were
 willing to mentor it, but unfortunately no student has shown up. If
 there are people willing to contribute some development cycles to Debian
 (no need to be a DD), that's a wonderful opportunity.

 Yes, PPAs just need someone who does it. Not more, but also not
 less.



 Andi









Re: PPAs for Debian

2011-05-02 Thread Roland Mas
Stefano Zacchiroli, 2011-04-30 12:56:15 +0200 :

[...]

 What we lack for that to become a reality is just the code. Marc and
 Tollef had set up a nice proposal [1] for GSoC this year and were
 willing to mentor it, but unfortunately no student has shown up. If
 there are people willing to contribute some development cycles to
 Debian (no need to be a DD), that's a wonderful opportunity.

And if the system were to be integrated somewhat into Alioth, I'm pretty
sure the upstreams for FusionForge would be glad to offer guidance.  I
would, at any rate.

  It just so happens that there's going to be an Alioth sprint in a bit
less than three weeks.  Want to join us to discuss the matter and/or
start an implementation?  Head to
http://wiki.debian.org/Sprints/2011/AliothSprint (even if it's little
more than a skeleton so far).

Roland.
-- 
Roland Mas

Qu'est-ce qui est petit, jaune et vachement dangereux ?
Un canari avec le mot de passe de root.





Re: PPAs for Debian

2011-05-02 Thread Brian May
On 30 April 2011 20:56, Stefano Zacchiroli lea...@debian.org wrote:

 Some FAQ on this topic:

 Q: Why don't you use Launchpad's PPA?
 A: Last time I looked into it (together with some Launchpad engineers at
   past UDS), the PPA module was too tightly integrated with other
   Launchpad parts to be deployable on Debian infrastructure


I don't think it is currently possible to use Launchpad's PPA to build
against non-Ubuntu distributions (or that is the impression I get anyway).

Would really like to see a PPA based system that supports building against
Debian stable and unstable.
-- 
Brian May br...@microcomaustralia.com.au


Re: PPAs for Debian

2011-05-02 Thread Yaroslav Halchenko
On Sat, 30 Apr 2011, Stefano Zacchiroli wrote:
 Yes, absolutely. I'd even dare to say that having something like PPA for
 Debian is a priority. It would be yet another way to enable people to
 experiment with big changes in Debian, showing their value, with minimum
 impact on the work of others.

+10

Also, because Debian is the mothership, we might be kind to the kids
and Debian PPA could carry a selection of derivatives' (e.g. Ubuntus)
releases, thus providing the ultimate PPA hosting.

Sorry if I have missed it -- do we have anywhere (wiki) a page outlining
design/concerns/etc about PPA implementation in Debian?  It might be
worth getting it out so we could collect our thoughts.

-- 
=--=
Keep in touch www.onerussian.com
Yaroslav Halchenko www.ohloh.net/accounts/yarikoptic





Re: PPAs for Debian

2011-04-30 Thread Andreas Barth
* Stefano Zacchiroli (lea...@debian.org) [110430 12:56]:
 What we lack for that to become a reality is just the code. Marc and
 Tollef had set up a nice proposal [1] for GSoC this year and were
 willing to mentor it, but unfortunately no student has shown up. If
 there are people willing to contribute some development cycles to Debian
 (no need to be a DD), that's a wonderful opportunity.

Yes, PPAs just need someone who does it. Not more, but also not
less.



Andi

