On Mon, Mar 14, 2005 at 01:49:24PM +0000, Colin Watson wrote:
> On Mon, Mar 14, 2005 at 11:11:55AM +0100, Sven Luther wrote:
> > On Mon, Mar 14, 2005 at 02:12:48AM -0800, Thomas Bushnell BSG wrote:
> > > Where human delay did come into play was in getting the xfree86 mess
> > > cleaned; in theory it should have taken one or two days, but in
> > > practice it took much longer.
> >
> > Why not fully eliminate the human factor? Ubuntu does automated build from
> > source only uploads, the package sources are built and signed by a
> > developer, autobuilt on all arches, and I don't believe they are
> > individually signed after that.
>
> Ubuntu is in the happy situation of having a system in a DMZ - i.e. not
> network-accessible in general without having to get through other
> barriers first - with very few login accounts and full-time maintenance
> on which to do auto-signing, and similar systems to act as buildds.
> Debian isn't remotely in that position. Auto-signing requires a great
> deal of care and thought before blindly enabling it, and certainly it
> must not happen on a generally network-accessible machine and it
> probably shouldn't happen while the buildds remain generally
> network-accessible.

Ok, I understand that, but still the main point is that Debian currently doesn't accept source-only uploads, as Ubuntu has made a policy of doing. I believe that it should be possible for the tier 1 arches to get a setup similar to what Ubuntu does, and there should be nothing stopping us from setting up something accessible for the tier 2 buildd networks. We just need to come up with a policy for this, and not just say no to start with. As we are 'dropping' tier 2 arches anyway, we are handing over the responsibility to whoever will take over these ports' maintenance anyway.

> We were in a bad enough situation during the server compromise when it
> was discovered that some developers had inadvertently left their private
> GPG keys on network-accessible machines with lots of login accounts.
> Surely you acknowledge that as a mistake by those developers, and not
> something we should be encouraging by making it an essential part of our
> infrastructure?

Yes, but that is no reason to say that we can't do it, just that we have to be careful about it. I personally will gladly get donations for any number of powerpc boxes needed for setting up such a fully automated buildd infrastructure, like Ubuntu has. This would need 3 machines with a lot of disk and memory space, I guess, given the N+1 and N <= 2 numbers.

But then, there remains the fact that such an infrastructure was strongly vetoed by the ftp-master last time it was brought up, a couple of years ago I think it was.

Friendly,

Sven Luther