Author: Daniel Reurich Date: To: devuan developers internal list Subject: Re: [devuan-dev] New packages for reportbug and python-reportbug
> can you please share the access to the ci.devuan.org authorisation
> mechanism?
> It is well shared.
The problem is the process of getting a package successfully building is
difficult enough for those of us that know, and pretty impossible for
those that don't. I often end up having to hand tweak jobs in
ci.devuan.org to get them to a buildable state, and there are other
difficulties with this.
Also this is where we need to be pretty careful with what is built
directly for jessie and ascii due to the fact that we have no hold over
period to test packages before they hit the archive.
I have been firming up plans that make this process much more simple but
it's a fairly significant set of changes and I don't want to attempt it
before we have Jessie out the door.
> all places of administration in our infrastructure should have at
> least three core developers holding access.
I'm pretty sure that there is plenty with access but really only me and
nextime have the knowledge to pull this off. I want to share it, but
it's embarrasingly arcane.
Another significant issue (highlighted again in this case is the failure
to base the package of the VCS based source. Instead I find here again
another example that despite KatolaZ claimed reading of my pretty
explicit instructions on this point, he failed to follow the
instruction, and I don't think we should accept any packages that don't
have the full history.
The reason for the VCS source requirement is obvious. Security and
auditability of the code base and being able to quickly isolate when a
bug was introduced (and how and who did it) - even if it was long before
Devuan's existance. Additionally it is the best way to prove we have a
pristine source that correlates with upstream with no slipped in
modifications.