On Wed, May 04, 2011 at 01:23:12AM -0400, Scott Kitterman wrote: > On Wednesday, May 04, 2011 12:16:54 AM Paul Tagliamonte wrote: > > On Wed, May 4, 2011 at 12:02 AM, Julien Valroff <jul...@debian.org> wrote: > > > Le mercredi 04 mai 2011 à 00:02:01 (+0200 CEST), René Mayorga a écrit : > > >> On Tue, May 03, 2011 at 11:30:41PM +0200, Stefano Zacchiroli wrote: > > >> > After all, in that respect what is the difference between that and > > >> > unofficial APT repositories that many of us already maintain at > > >> > people.d.o/~something or something.debian.net? Do you want to shut > > >> > them down as well? > > >> > > >> no, I was expressing over the PPA as an official services that allow > > >> users to upload any package without any quality control. > > > > > > AFAIU, only DD and DM could create PPA and upload to them. If this is not > > > the case, then I share your fears. > > > > Usage of the PPA system on LP requires that you agree to the usage > > terms (not unlike machine usage policies for Debian). > > > > We let non-MOTU upload to their own PPAs (has their name in the URL), > > and if nonfree (or malicious) packages are uploaded, they can have PPA > > rights removed. > > > > There's been one issue I can recall, and it was only a very very > > slight DFSG technicality. > > That depends on what you mean by 'issue'. I think exactly the issues that > concern some people in Debian about packages of 'poor quality' being > generated > in an uncontrolled PPA system are happening with regularity in Ubuntu. > Although it doesn't happen every week or anything, it's happened more often > than I can recall that someone files a bug in Ubuntu about broken PPA > packages > done by some random non-developer. I believe Debian is quite correct to be > concerned about the potential for user confusion and damage to Debian's > reputation for high quality work. > > PPAs as a developer tool are one thing, PPAs as a tool for random uploads, I > think are quite another. I'd hate to see Debian make the same mistake that > Canonical did in this regard.
Add to that that allowing random people to upload packages to be built on Debian build daemons is a recipe to have the buildds compromised. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110504055747.gb3...@glandium.org