Paul,

On Mon, 2011-07-04 at 11:36 +0100, Paul Wise wrote:
> On Mon, Jul 4, 2011 at 11:27 AM, Kilian Krause <kil...@debian.org> wrote:
> 
> > That exactly was my idea too. To ship a source that is known and can be
> > predicted regarding changes. If a security upload would be required but
> > autoconf generates a broken configure due to some circumstances that
> > couldn't be predicted at time the package was uploaded to unstable this
> > is bad and will cause more time to be spent than what would actually be
> > required for *only* fixing the bug.
> 
> Which is why we should rebuild from source as often as possible to
> catch those issues.

Seconded.


> > In other words I did say: generate whatever dh-autoconf would get you
> > dynamically, test it, put it together as a patch and ship that patch
> > statically for everyone to read what exactly the change is instead of
> > hushing it up inside a large set of deep magic (that in my experience
> > may or may not work based on "random" circumstances - depending on the
> > upstream sources).
> 
> That sounds like something that goes against the spirit of our social
> contract, specifically "We will not hide problems". By shipping a
> pre-built build system you are papering over any autotools bugs; those
> should be known and fixed instead.

I would say there's a difference between "hiding a problem" and calling
for one. 

But as already explained, maybe the situation has improved and things go
smoothly now. I'll be looking into this once time permitting.

-- 
Best regards,
Kilian

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to