On 10.02.2016 21:32, Dimitri John Ledkov wrote:
This does not abolish the MIR process. If a hard binary dependency is gained (e.g. shared linking), the binary and source package still must go through MIR process and be published in main.
So an existing app package gains a new (universe) dependency on libfoo-dev. Builds fine, maybe migrates, and then image builds fail because of the libfoo1 component mismatch. Now you can either pre-promote the libfoo, or re-upload app without the dependency (if that works). This probably will lead to more pre-promotions, and looking at the current back-log of security related MIRs the time between build and promotion will increase, making it probably harder to revert such a change.
I'm a bit worried that we'll then have to chase people to subscribe teams to the new packages, write the MIR, ... We'll save some time by not processing B-D only MIRs, but I think for the remaining MIRs we'll have to spend more time.
We unfortunately already have some kind of "dput and forget" attitude with packages staying in -proposed. This change maybe will foster an "pre-approve and forget" attitude.
Matthias -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
