[maemo-developers] Ask for removal of some packages from Extras Fremantle repository
From: Graham Cobb g+770 at cobb.uk.netDate: Mon Mar 22 17:22:13 EET 2010
- Previous message: Ask for removal of some packages from Extras Fremantle repository
- Next message: Ask for removal of some packages from Extras Fremantle repository
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Monday 22 March 2010 14:30:00 Matan Ziv-Av wrote: > On Mon, 22 Mar 2010, Graham Cobb wrote: > > I just don't see how using your own repository is actually any **better** > > than just using extras-devel? > > There are a few problems with extras-devel: > > - There are way too many warnings all over the place (mailing list, > wiki, talk), so some users might be be reluctant to use this > repository. This will be true even more so for private repositories. If/when they become at all common, there will be warnings all over the place about not downloading things from private repositories. The biggest problem with private repositories is that there are no guarantees that the binary being installed bears any relationship to the sources offered (if any), or how securely the maintainer manages the repository, so people will start to worry about security/viruses/trojans. Plus a concern that "if this was legitimate, why wouldn't the developer use the community channels?". Please note that I am certainly **not** suggesting that you, or Benoit, are at all unreliable or incapable of managing a secure repository, but that people will worry about the risks at least as much as they do about extras-devel. > - Some of the warnings are true, so asking people to use this repositort > might expose them to unwanted updates. Yes. But using a private repository might expose them to updates where no one can even work out what happened when it breaks. > - autobuilder is too limited - currently you can't compile packages that > depend on versions in PR1.1. That is a short term problem which only affects a tiny number of packages. It is not a reason for removing something from extras-devel. If a similar problem occurs in the future and affects many packages, a solution will be implemented, just as it is being for PR1.2. > - You can't easily remove a package from extras-devel. (Or maybe at all? > I asked for a package to be removed two weeks ago. It is still there). Contact the debmaster (Jeremiah) by direct email. > - Using extras-devel might lock packages, preventing users that install > packages from this repository to later update them from another > repository. That is true. Although the user just has to remove the package and re-install it, instead. > That said, I prefer to have my packages available both in my repository > and in extras-devel, when it is possible. I also have private repositories, for my own testing and for other members of upstream projects (such as GPE) to do testing before I even push something into extras-devel. But that is not the same as publishing that location for end-users. Graham
- Previous message: Ask for removal of some packages from Extras Fremantle repository
- Next message: Ask for removal of some packages from Extras Fremantle repository
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]