Web lists-archives.com

Re: Moving away from (unsupportable) FusionForge on Alioth?




On Tue, May 16, 2017 at 10:25:54AM +0800, Paul Wise wrote:
> On Tue, May 16, 2017 at 12:39 AM, Antonio Terceiro wrote:
> 
> > Right. IIRC that was said to me at Debconf16 about Debian-specific
> > services (such as ci.debian.net which was the context of my question).
> 
> Yeah, for codebases maintained by the service maintainer not having
> packages seems reasonable (but not for dependencies of that codebase)
> and that seems to be the current feeling within DSA.
> 
> Personally I'm leaning towards the feeling that all configuration,
> code and dependencies for Debian services should be packaged and
> subjected to the usual Debian QA activities but I acknowledge that the
> current archive setup (testing migration plus backporting etc) doesn't
> necessarily make this easy. The PPA/bikeshed mechanism might make it
> more feasible if that happens.

That makes sense.

I am currently working on a personal project that involves deployment to
my private server. I have Debian packaging for it, and I have a make
target that will take the most current code, apply the Debian packaging,
build a binary package, scp it to my server, and install it.  Whenever I
am ready to deploy a new version, doing it is just on command away.

An alternative to waiting for bikesheds and for waiting for the full
archive dance could be DSA providing a similar system for service
maintainers. They would upload one or more binary packages (alongside a
signed .changes, and maybe we also want the corresponding full source)
for their service. On the receiving end, the system would install those
binary packages after verifying signatures, and perhaps also a whitelist
of binary packages that the service maintainer in question can submit.

Attachment: signature.asc
Description: PGP signature