Hi Simon,
On 2025-02-07 10:08:31, Simon Josefsson wrote:
Romain Francoise <[email protected]> writes:
On Fri, Feb 7, 2025 at 3:16 AM Arnaud Rebillout <[email protected]> wrote:
With my Kali Linux developer hat on, yes. These tools are widely
used in Kali, and we (Kali team) are active contributors in the
Debian's pkg-security team. Having those tools here will make it
easier for us to fix/update it.
Sure. If one of the team owners on Salsa can add me to the group, I'll
move the repos there. I was not using gpb and the repos are not in
DEP-14 format, so some menial cleanup work will be necessary.
Would you consider moving them to /debian/ instead?
I think moving around git repositories on Salsa depending on which group
packages are in is counter productive. For me, I move the packages that
I bring to pkg-security into the /debian/ namespace, because that
namespace is more likely to be stable over time. And then there is no
need to fiddle around with GitLab permissions since all DD's have access
to the repository.
I see your point. But there is also a downside of this approach. There
are mainly three things that come to my mind:
- I watch all packages below /pkg-security-team for merge requests while
I do not do that for /debian (simply because of the large number of
packages below /debian). I. e. security tools packages below /debian get
less attention from my side. Of course I could watch individual security
tools packages below /debian but keeping track of them is tedious. If
the same holds for other team members, this might be disadvantageous for
new contributors.
- Different namespaces for security tools packages make common
maintenance tools like [0] more cumbersome.
- Salsa team membership for pkg-security-team is not strictly tied to
being a DD. Historically there have been people becoming salsa team
members prior to becoming a DD if this seemed reasonable given their
track records.
I agree with Samuel that balancing pros and cons of the two approaches
might be a good topic for face-to-face discussions at DebConf.
Best regards
Peter
[0] https://salsa.debian.org/pkg-security-team/pkg-security-team
