On Fri, Feb 09, 2007 at 01:52:20PM +0100, Reinhard Tartler wrote: > Bill Allombert <[EMAIL PROTECTED]> writes: > > > The Debian project resolves that Debian developers allowed to perform > > combined source and binary packages uploads should be allowed to perform > > binary-only packages uploads for the same set of architectures. > > The use case I imagine at this point is that a maintainer uploads a > library package src+bin (e.g. src+amd64) for his private arch, and after > weeks he notices, that it still has not been built on e.g. sparc yet. So > he decides to start his spare Ultra 1 workstation, builds the package in > his custom environment and uploads it. >
This seems legitimate to me. What's not legitimate is creating an unofficial/untrastable buildd network with the same purpose to manage those things automatically without or with minimal human intervention and also usable by third parties. We have an official network and we need to ensure it has possibly a 99% uptime. Giving the possibility to manage an unknown number of alternative networks which run whenever one likes and with unknown access policies is not a good approach. The security implications of those practices should be evident to anyone. But maybe I'm optimist... -- Francesco P. Lovergine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]