The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Interesting dpkg issue, plus thoughts...

On Sat, 12 Jul 1997, joost witteveen wrote:

> > The number of packages that can't be re-built from
> > their source constituents, using 'dpkg-source -b', appear to be
> > increasing.
> 
> I believe this is because dpkg-source -b does appear to do only very
> minimal sanity checking (it will let you get away with setuid files in
> the source tree, extra directories, etc), and thus allow maintainers
> to build source packages, that subsequently cannot be extracted by
> dpkg-source -x, as that suddenly does do the checking.

I agree that this is "broken" and needs to be fixed. The problem for me is
that some wish to fix it by taking the sanity checking out of 'dpkg-source
-x', instead of adding the proper checks into 'dpkg-source -b'. There has
already been a discussion which, if I remeber correctly, decided to relax
the "no directories in the debian directory" rule. This erosion of the
package design worries me.

> 
> I'd very much be in favour of changing this behaviour, and do the checking
> before the source package is built, so that maintainers will notice the
> errors they make, not the people that (weeks, mounts later) try to 
> build their source package.
> 
I agree completely. There is, however, a work around for this problem. As
a package maintainer, it is your responsibility to verify that the source
package will build properly, just like is is the maintainers
responsibility to verify that the .deb package will unpack properly before
it is uploaded to master. I contientiously try to make sure that both of
these events will occur properly before I upload a new package. I
encourage all package maintainers to take those few simple steps necessary
to guarantee that problems don't propogate into the system that don't need
to. My concern is that the attitude has become: "Dpkg is too broken to
build a "good" source with, so I just will not worry about that and upload
the package anyway". Just as packages with improper dependencies can make
dselect appear to be severely broken. Improperly constructed packages
imply that the packaging system is broken, when it is not.

It is exactly this attitude that I wish us to think about and potentially
change for one that is more constructive and produces packages that work.

Luck,

Dwarf
-- 
_-_-_-_-_-_-                                          _-_-_-_-_-_-_-

aka   Dale Scheetz                   Phone:   1 (904) 656-9769
      Flexible Software              11000 McCrackin Road
      e-mail:  dwarf@polaris.net     Tallahassee, FL  32308

_-_-_-_-_-_- If you don't see what you want, just ask _-_-_-_-_-_-_-


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .