On Mon, Mar 15, 2010 at 01:23:33PM +0000, Jonathan Lange wrote: > On Sun, Mar 14, 2010 at 9:45 PM, Michael Hudson > <[email protected]> wrote: > > Jonathan Lange wrote: > >> Hello, > >> > ... > >> > >> I'd like to upgrade zope.testing and take advantage of their better > >> subunit support, but that requires upgrading subunit too. > >> > >> We currently maintain subunit as a sourcecode dependency. We manage it > >> in the branch lp:~launchpad-pqm/subunit/trunk. That branch is a > >> KnitPackRepository. subunit trunk is a 2a repository. > >> > >> If I naively change sourcedeps.conf like so: > >> @@ -12,7 +12,7 @@ > >> -subunit lp:~launchpad-pqm/subunit/trunk;revno=61 > >> +subunit lp:~subunit/subunit/trunk;revno=120 > >> > >> I get incompatible repository errors. > >> > >> subunit is not a Python package. It's built with autotools, and thus > >> making an egg for it is beyond my ken and maybe inappropriate. > >> > >> Which leaves me with a bunch of questions: > >> > >> 1. Changing sourcedeps.conf to point to a branch that's not managed by > >> our PQM is OK, isn't it? After all, we still have to pass the tests to > >> change the revno of the branch, so we aren't losing any safety afaict. > > > > As Max said, we are losing some safety. Not sure how much or how much > > we care. > > > > I think we don't care.
I think we should care, since this opens up the possibility for people to change what is being run on our production systems, without us knowing about it. Sure, for this particular branch it should be safe. But it's easier to have a policy of "point only to branches owned by ~launchpad-pqm", rather than "point only to branches owned by ~launchpad-pqm, unless we trust the branch". The latters leaves an example that it's ok to point to foreign branches that we don't have any control of. -- Björn Tillenius | https://launchpad.net/~bjornt _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
