[maemo-developers] Ask for removal of some packages from Extras Fremantle repository

From: Till Harbaum / Lists lists at harbaum.org
Date: Mon Mar 22 21:55:33 EET 2010
Hi,

why should you have to continue to provide the sources once you removed the binaries?

And why should you insist on uploading old versions to maemo respositories which a) just ignores the authors wishes and worse b) interferes with his work on establishing his own repository.

Let him his freedom. Let him start his own repository and just see if he fails and ends up on those "warning, this repository is dangerous" lists or if he perhaps succeeds and ends as "the famous community driven repository that is more reliable and causes less anger and has cooler apps than the maemo repositories"? 

Who knows? Why not just letting him do this? Don't take all this so serious! Heck, it's only a cell phone we are talking about. It's not the end of the world if someone actually has fun messing with its possibilities.

Till

Am Montag 22 März 2010 schrieb Darren Long:
> Presumably the source must continue to be available from the extras repositories, even after the package binaries have been removed, assuming its under the GPL, which e.g. Pygtkeditor is.
> 
> I'd suggest not removing the binary packages from extras, on the grounds that they don't have to be removed, and that maemo.org is free to distribute them if we/they so wish.
> 
> Furthermore, there is no reason why someone from maemo.org shouldn't push source packages from  other repositories into extras* to keep them up to date and readily available in the maemo context.  This is true for any upstream free package  in general, and equally true for any desirable package that just so happens to have been pulled from extras on a whim.
> 
> No disrespect to Benoit intended.
> 
> Darren
> 
> On 22 Mar 2010, at 15:22, Graham Cobb wrote:
> 
> > On Monday 22 March 2010 14:30:00 Matan Ziv-Av wrote:
> >> On Mon, 22 Mar 2010, Graham Cobb wrote:
> >>> I just don't see how using your own repository is actually any **better**
> >>> than just using extras-devel?
> >> 
> >> There are a few problems with extras-devel:
> >> 
> >> - There are way too many warnings all over the place (mailing list,
> >>   wiki, talk), so some users might be be reluctant to use this
> >>   repository.
> > 
> > This will be true even more so for private repositories.  If/when they become 
> > at all common, there will be warnings all over the place about not 
> > downloading things from private repositories.  The biggest problem with 
> > private repositories is that there are no guarantees that the binary being 
> > installed bears any relationship to the sources offered (if any), or how 
> > securely the maintainer manages the repository, so people will start to worry 
> > about security/viruses/trojans.  Plus a concern that "if this was legitimate, 
> > why wouldn't the developer use the community channels?".
> > 
> > Please note that I am certainly **not** suggesting that you, or Benoit, are at 
> > all unreliable or incapable of managing a secure repository, but that people 
> > will worry about the risks at least as much as they do about extras-devel.
> > 
> >> - Some of the warnings are true, so asking people to use this repositort
> >>   might expose them to unwanted updates.
> > 
> > Yes.  But using a private repository might expose them to updates where no one 
> > can even work out what happened when it breaks.
> > 
> >> - autobuilder is too limited - currently you can't compile packages that
> >>   depend on versions in PR1.1.
> > 
> > That is a short term problem which only affects a tiny number of packages.  It 
> > is not a reason for removing something from extras-devel.
> > 
> > If a similar problem occurs in the future and affects many packages, a 
> > solution will be implemented, just as it is being for PR1.2.
> > 
> >> - You can't easily remove a package from extras-devel. (Or maybe at all?
> >>   I asked for a package to be removed two weeks ago. It is still there).
> > 
> > Contact the debmaster (Jeremiah) by direct email.
> > 
> >> - Using extras-devel might lock packages, preventing users that install
> >>   packages from this repository to later update them from another
> >>   repository.
> > 
> > That is true.  Although the user just has to remove the package and re-install 
> > it, instead.
> > 
> >> That said, I prefer to have my packages available both in my repository
> >> and in extras-devel, when it is possible.
> > 
> > I also have private repositories, for my own testing and for other members of 
> > upstream projects (such as GPE) to do testing before I even push something 
> > into extras-devel.  But that is not the same as publishing that location for 
> > end-users.
> > 
> > Graham
> > _______________________________________________
> > maemo-developers mailing list
> > maemo-developers at maemo.org
> > https://lists.maemo.org/mailman/listinfo/maemo-developers
> 
> _______________________________________________
> maemo-developers mailing list
> maemo-developers at maemo.org
> https://lists.maemo.org/mailman/listinfo/maemo-developers
> 

More information about the maemo-developers mailing list