The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: source packages and upstream source

To: Manoj Srivastava <srivasta@datasync.com>
Subject: Re: source packages and upstream source
From: "Susan G. Kleinmann" <sgk@kleinmann.com>
Date: Fri, 28 Feb 1997 07:46:13 -0500
Cc: debian-private@lists.debian.org
Delivered-to: bruce-lists--debian-private@lists.debian.org
In-reply-to: Your message of "27 Feb 1997 16:06:18 CST." <87zpwpewep.fsf@tiamat.datasync.com>

Hi Manoj --

I'm concerned about your statement that:
>       Well, so, this means do not require that we
>   *always* have the upstream file untouched in our uploads. 

Unless I misunderstand what you mean here, "not-always" (for
my purposes) is equivalent to never -- something like an airline
announcing that they may or may not use planes with an even number 
of wings. :-)

Over again, verbosely:  what I think must be avoided is the situation
where a developer downloads source(s) from somewhere then 
transforms it somehow by issuing unrecorded commands from the keyboard,
then proceeds to make a debian package.  Unless every action
of the developer is either recorded (good), scripted (better), or 
built into the tools we use (best), then a user of the sources cannot 
retrace the steps taken by the developer and cannot therefore really
use the debianized sources to add the tweak appropriate to whatever
his purposes may be.  Further, he cannot convince his colleagues or
superiors that he has rationally chosen (including identified) the 
tools he's using.

Sure, the debian developer might _also_ need to produce the source 
package in some intermediate format to bring it into some kind of 
conformity that eases handling by package management tools, but 
that is really a side-issue.  Traceability, including precise 
specification of the origin and transformation of the sources, 
is essential if one is to have a truly useful and credible source 
package.

I believe (hope?) that Bruce is right when he says that the 
overall effect of a policy that required traceability on Debian's 
source packages would probably be very small, and merely serve as a 
heads-up for practices that are more or less in place already.  
I'm very glad Bruce is pursuing discussions to have a wider 
audience (Linux-wide) participate in these procedures.

Susan

Follow-Ups:
- Re: source packages and upstream source
  - From: Manoj Srivastava <srivasta@datasync.com>
- Re: source packages and upstream source
  - From: Guy Maor <maor@ece.utexas.edu>
- Re: source packages and upstream source
  - From: kai@khms.westfalen.de (Kai Henningsen)

References:
- Re: source packages and upstream source
  - From: Manoj Srivastava <srivasta@datasync.com>

Prev by Date: Re: source packages and upstream source
Next by Date: Re: re-organization
Previous by thread: Re: source packages and upstream source
Next by thread: Re: source packages and upstream source
Index(es):
- Date
- Thread