Re: gnome-swallow_1.2-2_source.changes REJECTED

classic Classic list List threaded Threaded
23 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Josselin Mouette
Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
> Rejected: source only uploads are not supported.

Why is this the case ? I'm running with experimental GNOME packages; if
I upload a binary package depending on them, it will be uninstallable on
unstable systems.

I can't see the rationale for rejecting source uploads, and they used to
be accepted in the past.

(And don't tell me to use pbuilder, I don't have the disk space nor the
bandwidth for it.)
--
 .''`.           Josselin Mouette        /\./\
: :' :           [hidden email]
`. `'                        [hidden email]
  `-  Debian GNU/Linux -- The power of freedom

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Adeodato Simó-3
* Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:

> (And don't tell me to use pbuilder, I don't have the disk space nor the
> bandwidth for it.)

  Why bandwidth? Several systems exist to cache debs so they don't have
  to be fetched from the net each time they're used (apt-cacher,
  apt-proxy, or even a shared /var/cache/apt/archives).

  Cheers,

--
Adeodato Simó
    EM: dato (at) the-barrel.org | PK: DA6AE621
    Listening to: Matthew Kimball - I don't want to fall in love
 
We learned that the Linux load average rolls over at 1024. And we
actually found this out empirically.
                -- H. Peter Anvin from kernel.org


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Josselin Mouette
Le jeudi 10 novembre 2005 à 23:00 +0100, Adeodato Simó a écrit :
> * Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
>
> > (And don't tell me to use pbuilder, I don't have the disk space nor the
> > bandwidth for it.)
>
>   Why bandwidth? Several systems exist to cache debs so they don't have
>   to be fetched from the net each time they're used (apt-cacher,
>   apt-proxy, or even a shared /var/cache/apt/archives).

And here comes the lack of disk space...
--
 .''`.           Josselin Mouette        /\./\
: :' :           [hidden email]
`. `'                        [hidden email]
  `-  Debian GNU/Linux -- The power of freedom

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Peter Samuelson
In reply to this post by Josselin Mouette

[Josselin Mouette]
> I can't see the rationale for rejecting source uploads, and they used
> to be accepted in the past.

It's the first line of defense against people uploading things that
don't build, wasting various infrastructure resources.

Perhaps what you need is for someone to set up an autobuilder queue
that doesn't upload packages but just returns them to you somehow, with
logs, so you can sign and upload yourself.  Of course this autobuilder
queue should be under control of Debian developers, lest we have
another round of flames about uploading untrusted binaries.


signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Roberto C. Sanchez
In reply to this post by Josselin Mouette
On Thu, Nov 10, 2005 at 11:43:26PM +0100, Josselin Mouette wrote:

> Le jeudi 10 novembre 2005 à 23:00 +0100, Adeodato Simó a écrit :
> > * Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
> >
> > > (And don't tell me to use pbuilder, I don't have the disk space nor the
> > > bandwidth for it.)
> >
> >   Why bandwidth? Several systems exist to cache debs so they don't have
> >   to be fetched from the net each time they're used (apt-cacher,
> >   apt-proxy, or even a shared /var/cache/apt/archives).
>
> And here comes the lack of disk space...
Why not get someone else that has sufficient bandwidth/diskspace to
build it in a pbuilder and upload for you?

-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Roberto C. Sanchez
In reply to this post by Peter Samuelson
On Thu, Nov 10, 2005 at 04:49:08PM -0600, Peter Samuelson wrote:

>
> [Josselin Mouette]
> > I can't see the rationale for rejecting source uploads, and they used
> > to be accepted in the past.
>
> It's the first line of defense against people uploading things that
> don't build, wasting various infrastructure resources.
>
> Perhaps what you need is for someone to set up an autobuilder queue
> that doesn't upload packages but just returns them to you somehow, with
> logs, so you can sign and upload yourself.  Of course this autobuilder
> queue should be under control of Debian developers, lest we have
> another round of flames about uploading untrusted binaries.
>
I don't want to speak for him, but Anibal has a pbuilder that he kindly
let me use while he was sponsoring my packages.  I just had to email the
URL to the .dsc file to pbuilder@hisdomain and then it would download,
build and email me the report.  Maybe he (or someone else) would be
willing to make something like that more widely available.

If nothing else, maybe someone can provide the recipe and then someone
else can set one up.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~roberto

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Josselin Mouette
In reply to this post by Roberto C. Sanchez
Le jeudi 10 novembre 2005 à 17:49 -0500, Roberto C. Sanchez a écrit :
> Why not get someone else that has sufficient bandwidth/diskspace to
> build it in a pbuilder and upload for you?

That's the obvious solution, but it just makes things more complicated.
I was wondering the rationale behind refusing source-only uploads.
Working around human issues by removing functionality has never proved
to be efficient.
--
 .''`.           Josselin Mouette        /\./\
: :' :           [hidden email]
`. `'                        [hidden email]
  `-  Debian GNU/Linux -- The power of freedom

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Frank Lichtenheld
In reply to this post by Josselin Mouette
On Thu, Nov 10, 2005 at 10:45:20PM +0100, Josselin Mouette wrote:
> I can't see the rationale for rejecting source uploads, and they used to
> be accepted in the past.

AFAIK, this is false. Source-only uploads were never allowed in Debian.

Gruesse,
--
Frank Lichtenheld <[hidden email]>
www: http://www.djpig.de/


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Joerg Jaspert
In reply to this post by Josselin Mouette
On 10469 March 1977, Josselin Mouette wrote:

>> Rejected: source only uploads are not supported.
> I can't see the rationale for rejecting source uploads, and they used to
> be accepted in the past.

Because people then fuck up their packages even more.

No, they havent been accepted in the past. Ubuntu does that, Debian not.

--
bye Joerg
<dilinger> i just managed to procrastinate an extra 30 mins by reading
                   an article on how not to procrastinate


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Brian Nelson
Joerg Jaspert <[hidden email]> writes:

> On 10469 March 1977, Josselin Mouette wrote:
>
>>> Rejected: source only uploads are not supported.
>> I can't see the rationale for rejecting source uploads, and they used to
>> be accepted in the past.
>
> Because people then fuck up their packages even more.
>
> No, they havent been accepted in the past. Ubuntu does that, Debian not.

Oh, so Ubuntu packages are fucked up more by their maintainers more than
Debian packages are?

--
Captain Logic is not steering this tugboat.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Bernd Eckenfels
In reply to this post by Josselin Mouette
In article <[hidden email]> you wrote:
> Why is this the case ? I'm running with experimental GNOME packages; if
> I upload a binary package depending on them, it will be uninstallable on
> unstable systems.

How can you test your packages if you dont build them?

Gruss
Bernd


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Daniel Kobras
In reply to this post by Joerg Jaspert
On Fri, Nov 11, 2005 at 12:18:00AM +0100, Joerg Jaspert wrote:
> On 10469 March 1977, Josselin Mouette wrote:
> > I can't see the rationale for rejecting source uploads, and they used to
> > be accepted in the past.
>
> Because people then fuck up their packages even more.
>
> No, they havent been accepted in the past. Ubuntu does that, Debian not.

They were accepted by katie in the past, but strongly discouraged by the
i386 buildd admin. Been there, done that. Nowadays, I think that
pbuilder and friends have mostly alleviated the need for source-only
uploads, but Josselin seems to disagree.

Daniel.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Josselin Mouette
In reply to this post by Bernd Eckenfels
Le vendredi 11 novembre 2005 à 00:55 +0100, Bernd Eckenfels a écrit :
> In article <[hidden email]> you wrote:
> > Why is this the case ? I'm running with experimental GNOME packages; if
> > I upload a binary package depending on them, it will be uninstallable on
> > unstable systems.
>
> How can you test your packages if you dont build them?

I can test the version I have built against experimental GNOME
libraries. They don't differ much from unstable ones, but the shlibs
were bumped.

For me, it's exactly similar to the fact I can't test packages on
architectures other than mine.
--
 .''`.           Josselin Mouette        /\./\
: :' :           [hidden email]
`. `'                        [hidden email]
  `-  Debian GNU/Linux -- The power of freedom

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Olaf van der Spek-2
In reply to this post by Peter Samuelson
On 11/10/05, Peter Samuelson <[hidden email]> wrote:
>
> [Josselin Mouette]
> > I can't see the rationale for rejecting source uploads, and they used
> > to be accepted in the past.
>
> It's the first line of defense against people uploading things that
> don't build, wasting various infrastructure resources.

Shouldn't that be dealt with by having the infrastructure first deal
with packages that have already been build on other architectures?

> Perhaps what you need is for someone to set up an autobuilder queue
> that doesn't upload packages but just returns them to you somehow, with
> logs, so you can sign and upload yourself.  Of course this autobuilder
> queue should be under control of Debian developers, lest we have
> another round of flames about uploading untrusted binaries.

I think it has been suggested before to simply route the uploaded
binaries to /dev/null and rebuild anyway.
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Peter Samuelson
In reply to this post by Brian Nelson

[Brian Nelson]
> Oh, so Ubuntu packages are fucked up more by their maintainers more
> than Debian packages are?

Yes, or so it's been alleged.
Not being a user of ubuntu unstable, I can't confirm or deny.

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Jose Carlos Garcia Sogo
In reply to this post by Josselin Mouette
El jue, 10-11-2005 a las 23:43 +0100, Josselin Mouette escribió:

> Le jeudi 10 novembre 2005 à 23:00 +0100, Adeodato Simó a écrit :
> > * Josselin Mouette [Thu, 10 Nov 2005 22:45:20 +0100]:
> >
> > > (And don't tell me to use pbuilder, I don't have the disk space nor the
> > > bandwidth for it.)
> >
> >   Why bandwidth? Several systems exist to cache debs so they don't have
> >   to be fetched from the net each time they're used (apt-cacher,
> >   apt-proxy, or even a shared /var/cache/apt/archives).
>
> And here comes the lack of disk space...
  Sorry, Joss, but I can't believe disk space can be a problem nowadays.
Of course you can be short of disk space, but a 160GB HDD is quite
affordable, and you can cache Debian lot of times there.

  Cheers,

--
Jose Carlos Garcia Sogo
   [hidden email]

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Pierre THIERRY
In reply to this post by Josselin Mouette
Scribit Josselin Mouette dies 10/11/2005 hora 22:45:
> Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
> > Rejected: source only uploads are not supported.
> I can't see the rationale for rejecting source uploads, and they used
> to be accepted in the past.

And I see a rationale for allowing them: what prevents a DD to upload
binaries that include exploits or some trojan code, along with a clean
source?

Isn't a buildd compilation more secure WRT this issue? (I don't try to
say it's perfectly secure, I think admins of the buildd could do the
trick also...)

I suspect that is has already been discussed, so could someone give me
URIs of messages/web pages on the subject if it is the case?

BTW, is there any infrastructure to check against that? Would it be
possible, or consume way much of resources (and first CPU of the
buildd)?

Doubtfully,
Nowhere man
--
[hidden email]
OpenPGP 0xD9D50D8A

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Manoj Srivastava
On Sat, 12 Nov 2005 02:29:56 +0100, Pierre THIERRY <[hidden email]> said:

> Scribit Josselin Mouette dies 10/11/2005 hora 22:45:
>> Le jeudi 10 novembre 2005 à 13:32 -0800, Debian Installer a écrit :
>> > Rejected: source only uploads are not supported.
>> I can't see the rationale for rejecting source uploads, and they
>> used to be accepted in the past.

> And I see a rationale for allowing them: what prevents a DD to
> upload binaries that include exploits or some trojan code, along
> with a clean source?

> Isn't a buildd compilation more secure WRT this issue? (I don't try
> to say it's perfectly secure, I think admins of the buildd could do
> the trick also...)

        Of Robert Pike C compiler trojan trick ...

        You gotta start trusting somewhere. Our web of trust starts
 with the Developers in the keyring, we trust these people not to muck
 with the binaries.

        manoj
--
The more the change, the more it is the same thing.  -- Alphonse Karr
Manoj Srivastava   <[hidden email]>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Josselin Mouette
In reply to this post by Jose Carlos Garcia Sogo
Le vendredi 11 novembre 2005 à 23:19 +0100, Jose Carlos Garcia Sogo a
écrit :
>   Sorry, Joss, but I can't believe disk space can be a problem nowadays.
> Of course you can be short of disk space, but a 160GB HDD is quite
> affordable, and you can cache Debian lot of times there.

I can't believe I'm reading this.
--
 .''`.           Josselin Mouette        /\./\
: :' :           [hidden email]
`. `'                        [hidden email]
  `-  Debian GNU/Linux -- The power of freedom

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: gnome-swallow_1.2-2_source.changes REJECTED

Josselin Mouette
In reply to this post by Pierre THIERRY
Le samedi 12 novembre 2005 à 02:29 +0100, Pierre THIERRY a écrit :
> And I see a rationale for allowing them: what prevents a DD to upload
> binaries that include exploits or some trojan code, along with a clean
> source?

It was already suggested to accept only source+binary uploads, but to
rebuild the binaries on the upload's architecture anyway.
--
 .''`.           Josselin Mouette        /\./\
: :' :           [hidden email]
`. `'                        [hidden email]
  `-  Debian GNU/Linux -- The power of freedom

signature.asc (196 bytes) Download Attachment
12