Hi!

Currently I'm the only maintainer for the GStreamer packages, basically
all on this list here:
  https://qa.debian.org/developer.php?login=gstreamer1.0@packages.debian.org

I'm not planning to maintain them (or any of my other packages) further
in the near future but will keep things running somehow for now because
of the large number of reverse dependencies.

The packages should continue to be team-maintained for the same reason.
I can either add one or more people to the existing GStreamer team, or
I'm also fine with it being moved to a separate team, e.g. the GNOME or multimedia teams.


Thanks!


PS: To preempt any questions as for why, the background for my decision
to stop maintaining any packages is this thread, but it's really just
the straw that broke the camel's back
https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html


-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEf0vHzDygb5cza7/rBmjMFIbC17UFAmMHOGhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDdG NEJDN0NDM0NBMDZGOTczMzZCQkZFQjA2NjhDQzE0ODZDMkQ3QjUACgkQBmjMFIbC 17X2AQ//bctgnqOh22ES8tIYk/9Q2iyaRG+eR4PQqW6FJMqBIn7J5wjPhmZBgM5u 8m+AptwDInSKtrzOM+HLSVBvDnN1iICJDgU7X3lYXzZ1/NFckfGq6ySpnxWM04z2 NaWOxvT0mUB4TCdOKNcg5Q++5ESclvi4U2jXEXaeNkvEJSEyOXlN/+IpUQONLSqr UwMgiBUS7nyWL1EkbMo9d9vSWgRBVjpil9E73xXYhhKdoNLFdNHlokxKCQ7lOgWk iQ2yP4nj9NfKE6GspvEqqnPEyuEWeuiK/rlLCbqZgywwpWbpCJnVIdMMfTjsBCnk vr2H8UV+1LMc3yRpKpKSvikQM2aMXqlLIOboj4bIVB9K0rFW4wNaG1+ml9tRCS2E ngY4tq+DRJh+PMUgYRAh70PMCHenphZbZF2N64XW+64tif3dLoap+OFr7J3Imm5a A3bi+C58SB6KnhdbVtJ6rcKVQMXOSS3Ax9kdxQ04VvT+t6/byYf1XHIhLGE90H4N 3A5MRtq7YLMBBmmlk/YP+gtn3Ej9PkHCz4DA/K/NTFvqb3MNsidq4O1wdcxXgwVh KEg5tovupDoVFg9BghkCIvse7Df8ni+eeAoPt0VSDJT8Wr1dD2MovkKFa7gQoWtM JzwSORlP5bgEwIxi/FbWDGGFsfjlnYdi7JNDrBlp1aMtq1YXNDY=
=jOZr
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On August 25, 2022 10:52:56 AM GMT+02:00, "Sebastian Dröge" <slomo@debian.org> wrote:

PS: To preempt any questions as for why, the background for my decision
to stop maintaining any packages is this thread, but it's really just
the straw that broke the camel's back
https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html

A bit off-topic, but I think we really ought to discuss (address?) this elephant in the room once more. I don't have the answers, but Sebastian's email yet again clearly illustrates how the status quo is hurting the project. This clear example comes in
addition to worries raised before about what the status quo does to recruitment of new developers.

PS: I do not imply that the elephant in the room is the ftpmasters. I'm thinking of the *process*. The people involved put in admirable work in carrying out said process.


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Quoting Gard Spreemann (2022-08-26 08:49:21)

On August 25, 2022 10:52:56 AM GMT+02:00, "Sebastian Dröge" <slomo@debian.org> wrote:

PS: To preempt any questions as for why, the background for my decision
to stop maintaining any packages is this thread, but it's really just
the straw that broke the camel's back
https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html

A bit off-topic, but I think we really ought to discuss (address?) this elephant in the room once more. I don't have the answers, but Sebastian's email yet again clearly illustrates how the status quo is hurting the project. This clear example comes in

addition to worries raised before about what the status quo does to recruitment of new developers.

PS: I do not imply that the elephant in the room is the ftpmasters. I'm thinking of the *process*. The people involved put in admirable work in carrying out said process.

The way I see it, the process is clear: provide *source* to build from.

If there is "source" built from another source, then that other source
is the true source.

If ftpmasters sometimes approve intermediary works as source, then that
is not a reason to complain that they are inconsistent - it is a reason
to acknowledge that ftpmasters try their best just as the rest of us,
and that the true source is the true source regardless of misssing it sometimes.

Yes, this is painful. Yes, upstreams sometimes consider us stupid to
care about this. Nothing new there, and not a reason to stop do it.

If you disagree, then please *elaborate* on what you find sensible -
don't assume we all agree and you can only state that the process is an elephant.


Kind regards,

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/

[x] quote me freely [ ] ask before reusing [ ] keep private --==============U59024909361267446=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmMIcaUACgkQLHwxRsGg ASEjERAAqufIZEO4WStYIwhxgeCRcbeVnMInj1v+AflntpNckkfzR3MIaZPN+1gk TMhfX3sRiC83qTIs3+RGzC+iGd/Z34g0M81mo8mehRbKlFysbwujKS0mMnqFlgt7 RRcLJGuYwKKh9xI+zdabT8V1xG9U2WBACY/+YmWq/zClQjqplmPbUY6VFlowhRlg wSkCeUM9htyjRgq3HAHPdKupsvXM39OAyRSycbYd8qD7XwmmN/RH+a9itHZEErC7 G1hOYoMD+cJxh3MSkp6jaIxlGAf/ZacQTi5dv0ejamkv7KfipBleLmsxb4/plzrU Y0NjaBj3AKWoehgjchnMc3+iXztIcdWXkqhfvrYacy0JIQ7qYDwUipVTDErd4sSv yiF9rlZaKMtpTbovr6A5uPhF2lGFl5P9+knUzaPa0CFiv38rW5ojY7pKXdax4CSu MfrYCNEM7Uzqc4Iq5uSC586pSMPEbTCAway9WcGUZG+0c1X1J0rS75jl4oz4UK4/ wR5whuAPpurQGWb/g

Jonas Smedegaard <jonas@jones.dk> writes:

Quoting Gard Spreemann (2022-08-26 08:49:21)

On August 25, 2022 10:52:56 AM GMT+02:00, "Sebastian Dröge" <slomo@debian.org> wrote:

PS: To preempt any questions as for why, the background for my decision
to stop maintaining any packages is this thread, but it's really just
the straw that broke the camel's back
https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html

A bit off-topic, but I think we really ought to discuss (address?)
this elephant in the room once more. I don't have the answers, but
Sebastian's email yet again clearly illustrates how the status quo
is hurting the project. This clear example comes in addition to
worries raised before about what the status quo does to recruitment
of new developers.

PS: I do not imply that the elephant in the room is the
ftpmasters. I'm thinking of the *process*. The people involved put
in admirable work in carrying out said process.

The way I see it, the process is clear: provide *source* to build from.

If there is "source" built from another source, then that other source
is the true source.

If ftpmasters sometimes approve intermediary works as source, then that
is not a reason to complain that they are inconsistent - it is a reason
to acknowledge that ftpmasters try their best just as the rest of us,
and that the true source is the true source regardless of misssing it sometimes.

Yes, this is painful. Yes, upstreams sometimes consider us stupid to
care about this. Nothing new there, and not a reason to stop do it.

If you disagree, then please *elaborate* on what you find sensible -
don't assume we all agree and you can only state that the process is an elephant.

Apologies, I should have been a lot clearer. I did not mean the exact
issue of what is the "true source" of something in a package. Rather, I
was referring to the process itself (looking in particular to the last
three paragraphs and the PS in Sebastian's linked email [1]). Whatever
the correct answer to what a "true source" is, in the current process, a developer has to make an attempt at doing the right thing, and then wait
*weeks or possibly months* to know for sure whether it was OK. And if
it's deemed not OK, the reasoning may be entirely specific to the exact
package and situation at hand, and therefore extremely hard to
generalize and to learn from. (Do not construe the above as "ftpmasters
should work faster and give more lengthy reasoning!" – adding *more*
work to the process would make things even worse in my opinion.)

Although I maintain a very small number of packages, and ones that also
very rarely have to re-clear NEW, even I feel sapped of motivation from
the process. And I read Sebastian's email partly as an expression of the
same thing (apologies if I misconstrue your views, Sebastian). I do
believe similar points of view have been aired on the list before by
others too.

As to your last point, elaborating on what I find sensible: I sadly
don't have a good suggestion. I do believe it is possible to point out
that the status quo is harmful without knowing how to sensibly fix it,
though. That's what discussions are for :-)

I am presently unable to find the message I'm thinking of, but I seem to
recall one proposal being raised in the past: trust that a developer has
done everything right, and introduce a class of bugs that can cause
complete removal from the archive instead. Afterall, we do assume that
the developer does the technical things correctly, until such a time as
a bug is filed. Could we not also make the same assumptions for Policy
and Social Contract things?


[1] https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html


Best,
Gard


--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEz8XvhRCFHnNVtV6AnRFYKv1UjPoFAmMIeFESHGdzcHJAbm9u ZW1wdHkub3JnAAoJEJ0RWCr9VIz6ll0P/3+xMP1gXRcqqE+5cqXRlye9JYlLkYwk gqESuigisTFmAfvmaMgA4E4XuVJAQQ56RcIMtBs+dKtvLuIR3rMw2PyEH8ItRjiv vMgII7HgU2WY1A2MCbR+LdnhmeuZnKJUDzpn2HcDxBUUgov4SAwow8ZuLbmibcg+ Mu3jS2BEvX+DZoxbp9j1dG4++7/1CIr6sOZ9CJkem0vwvTpEAuoCfaFxUEnu+VGe ERF8p2bNc4KOEgtoP36TzSA3lWHc29gxHYJnd52d3+DoUxDSHnrW1agkWYoiiwWg 01naBu3V3D7Ms+zEOa5+QYgc9EoneZEbkZNfh8QWS/gFw0JmHmbdo2vOUoCXKZvL UJ7kRBoI9lc9DYkLhq67hXnlQ0Hg6HlFe2ZK6ncwrDCFOGrWv9zHxzuzjfdSDexl ySO5rU7+1X4MpT/QxXzYSaFac2Ci0XZUtOejM+0IRCMJ0AI3HUWgLmewehm1Eoko +mS4KSSqBSeA1dv8Hro0yfB941znj2H21WXQSkCBQJW3YguFp2apzdGoC7owZk1q bq+KeelgUdrm5pqRfyjd2Z7kIRds8wQVfPIIlwjIqaY2yHsvd7Y4/eZ9T3g+G9OE qgmAqM0ayf0+XJshjl0dZeyYScFW2afhCo2hzevM4X3vMjmV/1syXAu6kmDKgtuH
e9Q2hBO+3Tlc
=Xocu
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 26 Aug 2022 at 09:09:25 +0200, Jonas Smedegaard wrote:

The way I see it, the process is clear: provide *source* to build from.

If there is "source" built from another source, then that other source
is the true source.

I hope you agree that we are doing this in order to get some desirable properties of building from source, rather than because the rules are
the rules and we follow them without any critical thinking?
I feel strongly that if our policies are not meeting their goals of
advancing Free Software and providing benefit to our users, then we
should reconsider whether they are the right policies.

I don't think building from the least-derived form is always the right
thing to do. For instance, take rust-glib-sys, a package of Rust bindings
for the GLib library, which is one of the libraries whose handling
prompted this thread. It contains a description of the GLib library's
API/ABI, basically the Rust equivalent of a C header file. It could
have been written by hand, but that would be tedious and error-prone,
so instead its upstream maintainers chose to machine-generate the API/ABI description from GLib. The thing that would be closest to "true source"
would presumably be to redo that machine-generation process, from first principles, at build-time.

However, if we did that by using the version of GLib in the archive,
then the API of the Rust bindings would not be entirely determined
by the content of the rust-glib-sys package as tracked by its version
number, which seems really bad for library stability: you could take
the same version number, build it twice in different environments, and
get two different APIs! rust-glib-sys could have a minimum supported
GLib version, but then would unpredictably have or not have additional
APIs beyond the ones present in that version, depending on the version
of GLib that happened to be installed at build-time.

If the generation process is not always 100% backwards-compatible, which
I suspect it is not, then that just makes it worse: now you can't even
rely on a rebuilt version of rust-glib-sys being compatible with the
version from before it was rebuilt! If the API description is curated by
the upstream maintainers, then they have an opportunity to detect
incompatible changes and release them with a suitably changed version
number, or even as a separate parallel-installable version, so that
dependent projects can migrate at their own pace; but that can't happen
if the API description is generated at build time.

Or, the other way to generate rust-glib-sys from "true source" would be
to bundle a complete copy of GLib source code in it, and generate the
API description from that (which, as an implementation detail of the way
it was done, requires compiling GLib and then introspecting the binary,
and cannot be done while cross-compiling). This is not great from either
a technical or social point of view. From a technical point of view, rust-glib-sys' build system would have to be taught to compile GLib,
which uses a totally different build system (Meson rather then Cargo)
and is quite a large library, resulting in a much slower and less
reliable build. From a social point of view, again, GLib is not small,
and I don't think either the rust-glib-sys maintainer or the ftp team
would welcome the requirement to review another complete copy of GLib, transcribe all its potential copyright holders into debian/copyright
and check that it has been done, and so on.

Generating the API description in a way that does not arbitrarily vary
based on installed software might also require bundling and building a
complete copy of GObject-Introspection, which, again, is not small.

All of this is for a functional interface description, analogous to a C
header file without comments. In other contexts elsewhere in the project,
we rely on the functional parts of an interface description as not being strongly protected by copyright (after all, the whole GNU system started
as a compatible implementation of the interfaces provided by 1980s Unix,
and we have code in Debian that is a compatible reimplementation of
Windows interfaces), and we strongly limit the modifications that we
are prepared to make to interface descriptions (because Free Software
is important to us, we require the technical and legal ability to make modifications, but because API/ABI compatibility is also important to us,
we treat many of those modifications as something that we will refuse
to do unless there is a really compelling reason).

More generally, I don't think it's always useful to talk about "the"
source or "the" preferred form for modification, as though there is only
one. I think it would be more appropriate to consider whether the form
in which some software is provided is suitable for exercising your Free Software rights (as described in the FSF's "four essential freedoms",
for example) within the scope of whatever package we're talking about at
the time, or whether it's unsuitable for that use. If it's suitable, then
it's source, or close enough; if it's unsuitable, then that needs fixing.

If we insist on a particularly puritanical view of what is source and
what is the preferred form for modification, then I think there is a significant risk of producing a distribution which is unquestionably Free Software, but either is missing useful Free software because it would be
too hard to get that software into a form that meets our self-imposed
policies, or can only contain that software as a result of individual developers putting a heroic amount of effort into meeting those policies - particularly if we always go back to the "true source" and generate from
there every time (which I will note that the ftp team specifically do not insist on unless there is a technical reason to do so, they merely require source to be *available*).

If we require contributors to do a considerable amount of work that
does not advance the project's goals, at best that's a waste of our most limited resource (developers' time and motivation), and at worst it's a
recipe for burned-out contributors, which we absolutely should not want,
both because we're a community that cares about the well-being of our contributors (or at least I hope we are!) and because even from a purely amoral/utilitarian point of view, contributors giving up on the project
harm our ability to achieve our goals.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed Aug 24 23:20:30 BST 2022, Sean Whitton wrote:

I'm afraid I cannot respond to a message of this length. As I
mentioned previously, all the ftpteam really have the bandwidth to do
is process what's in NEW.

* This is more concerning than its indirect effect on uploader motivation
* Many thanks for what they do, and a successful decade of recruitment
https://web.archive.org/web/201208/https://ftp-master.debian.org/
* That it's still a problem now means the only option left is to do less

* Most copyright issues are merely RC bugs, not rejections or need RM
* New uploads of existing sources should only have automated checks
* Examples: binary splits/hijacks/soname, source clones/renames (other?)
* Or this subset of NEW could be exposed as apt repo for manual checks
* Somehow implement this without pestering the FTP Team for feedback
https://salsa.debian.org/ftp-team/dak/-/merge_requests


---


p.s. Sorry Gard for trimming your entire explanation, in the end I
wanted to focus on message length rather than linking each point as a
paragraph reply. I hope this encourages others to focus on how many
times their email will be read. I'm also implicitly referencing all the existing discussions on this topic that end up in *long* threads e.g. https://lists.debian.org/debian-devel/2022/01/msg00360.html

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQSBP39/Unco6Ai78+TbymUJHySObAUCYwicBgAKCRDbymUJHySO bJ2AAQDiyZ1+XtC72wfi+qXeqlM/afe531PkMDR6/cU2VOcQ6wEAvLCDcLCzuFdT Xem1qrGXV0zDmuIvJXRoXcs0hPFsnQI=
=uUpv
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le vendredi 26 août 2022, 10:58:28 UTC Simon McVittie a écrit :

On Fri, 26 Aug 2022 at 09:09:25 +0200, Jonas Smedegaard wrote:

The way I see it, the process is clear: provide *source* to build from.

If there is "source" built from another source, then that other source
is the true source.

I hope you agree that we are doing this in order to get some desirable properties of building from source, rather than because the rules are
the rules and we follow them without any critical thinking?
I feel strongly that if our policies are not meeting their goals of
advancing Free Software and providing benefit to our users, then we
should reconsider whether they are the right policies.

I don't think building from the least-derived form is always the right
thing to do. For instance, take rust-glib-sys, a package of Rust bindings
for the GLib library, which is one of the libraries whose handling
prompted this thread. It contains a description of the GLib library's API/ABI, basically the Rust equivalent of a C header file. It could
have been written by hand, but that would be tedious and error-prone,
so instead its upstream maintainers chose to machine-generate the API/ABI description from GLib. The thing that would be closest to "true source"
would presumably be to redo that machine-generation process, from first principles, at build-time

In this case the js team has solved the problem.

We use grouped source package, we have the same problem between javascript package and typescript. Javascript is the main source and typescript is often generated.

See here
https://wiki.debian.org/Javascript/GroupSourcesTutorial

In your case, you should group your rust source with the glib source and so no bundle anymore.

You need only a little bit coordination with the glib maintenair and accept funny version for glib like 1.0+~1.2

Bastien

However, if we did that by using the version of GLib in the archive,
then the API of the Rust bindings would not be entirely determined
by the content of the rust-glib-sys package as tracked by its version
number, which seems really bad for library stability: you could take
the same version number, build it twice in different environments, and
get two different APIs! rust-glib-sys could have a minimum supported
GLib version, but then would unpredictably have or not have additional
APIs beyond the ones present in that version, depending on the version
of GLib that happened to be installed at build-time.

If the generation process is not always 100% backwards-compatible, which
I suspect it is not, then that just makes it worse: now you can't even
rely on a rebuilt version of rust-glib-sys being compatible with the
version from before it was rebuilt! If the API description is curated by
the upstream maintainers, then they have an opportunity to detect incompatible changes and release them with a suitably changed version
number, or even as a separate parallel-installable version, so that
dependent projects can migrate at their own pace; but that can't happen
if the API description is generated at build time.

Or, the other way to generate rust-glib-sys from "true source" would be
to bundle a complete copy of GLib source code in it, and generate the
API description from that (which, as an implementation detail of the way
it was done, requires compiling GLib and then introspecting the binary,
and cannot be done while cross-compiling). This is not great from either
a technical or social point of view. From a technical point of view, rust-glib-sys' build system would have to be taught to compile GLib,
which uses a totally different build system (Meson rather then Cargo)
and is quite a large library, resulting in a much slower and less
reliable build. From a social point of view, again, GLib is not small,
and I don't think either the rust-glib-sys maintainer or the ftp team
would welcome the requirement to review another complete copy of GLib, transcribe all its potential copyright holders into debian/copyright
and check that it has been done, and so on.

Generating the API description in a way that does not arbitrarily vary
based on installed software might also require bundling and building a complete copy of GObject-Introspection, which, again, is not small.

All of this is for a functional interface description, analogous to a C header file without comments. In other contexts elsewhere in the project,
we rely on the functional parts of an interface description as not being strongly protected by copyright (after all, the whole GNU system started
as a compatible implementation of the interfaces provided by 1980s Unix,
and we have code in Debian that is a compatible reimplementation of
Windows interfaces), and we strongly limit the modifications that we
are prepared to make to interface descriptions (because Free Software
is important to us, we require the technical and legal ability to make modifications, but because API/ABI compatibility is also important to us,
we treat many of those modifications as something that we will refuse
to do unless there is a really compelling reason).

More generally, I don't think it's always useful to talk about "the"
source or "the" preferred form for modification, as though there is only
one. I think it would be more appropriate to consider whether the form
in which some software is provided is suitable for exercising your Free Software rights (as described in the FSF's "four essential freedoms",
for example) within the scope of whatever package we're talking about at
the time, or whether it's unsuitable for that use. If it's suitable, then it's source, or close enough; if it's unsuitable, then that needs fixing.

If we insist on a particularly puritanical view of what is source and
what is the preferred form for modification, then I think there is a significant risk of producing a distribution which is unquestionably Free Software, but either is missing useful Free software because it would be
too hard to get that software into a form that meets our self-imposed policies, or can only contain that software as a result of individual developers putting a heroic amount of effort into meeting those policies - particularly if we always go back to the "true source" and generate from there every time (which I will note that the ftp team specifically do not insist on unless there is a technical reason to do so, they merely require source to be *available*).

If we require contributors to do a considerable amount of work that
does not advance the project's goals, at best that's a waste of our most limited resource (developers' time and motivation), and at worst it's a recipe for burned-out contributors, which we absolutely should not want,
both because we're a community that cares about the well-being of our contributors (or at least I hope we are!) and because even from a purely amoral/utilitarian point of view, contributors giving up on the project
harm our ability to achieve our goals.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Simon" == Simon McVittie <smcv@debian.org> writes:

Simon> I don't think building from the least-derived form is always
Simon> the right thing to do. For instance, take rust-glib-sys, a
Simon> package of Rust bindings for the GLib library, which is one
Simon> of the libraries whose handling prompted this thread. It
Simon> contains a description of the GLib library's API/ABI,
Simon> basically the Rust equivalent of a C header file. It could
Simon> have been written by hand, but that would be tedious and
Simon> error-prone, so instead its upstream maintainers chose to
Simon> machine-generate the API/ABI description from GLib. The thing
Simon> that would be closest to "true source" would presumably be to
Simon> redo that machine-generation process, from first principles,
Simon> at build-time.

As a general rule, I think that we should require that Debian contain
the software necessary to build from the least derived form, even if for
good reasons that you outline, we do not always do that.
It's possible that there are cases where this rule should be violated.
But in most of the cases I've thought about (including this one), user
freedom is likely to be impacted if Debian
does not contain the necessary software to rebuild the generated
components.


In this case, it would be reasonable for a user to want to extend glib
and to rebuild the rust bindings with those extensions.
Such a rebuild would introduce incompatibility,
but that's okay in a local context if someone wants to do that.
Actually, it's more than okay; it's an important freedom.

--Sam

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

To be honest, in terms of volunteered reviewing work, waiting
for several months is not something new. In academia, it may
take several months to years to get a journal paper response.

I've ever tried to think of possible ways to improve the process, but
several observations eventually changed my mind, and I'm willing
to accept the status quo.

* there is a trade-off between rigorousness and efficiency.
Any change in the process may induce disadvantages, where
the most difficult thing is to reach an agreement.
* we will add more work for ftp team if we get them involved in the
discussion of possible (but unsure) ways to improve NEW.

My ultimate opinion on NEW processing is neutral, and my only
hope for ftp team is to increase the pace of hiring new members.
To be concrete, it is much harder to write a concrete proposal
to debian-vote@l.d.o than discussing possibilities.

I understand we may have the enthusiasm to sprint on something.
However, in terms of the long-term endeavor on Debian development,
the negligible popcon number won't be less disappointing than
a long-term wait to clear the NEW queue.

If one's enthusiasm on working on some package is eventually
worn out after a break, then try to think of the following question:

Is it really necessary to introduce XXX to Debian?
Must I do this to have fun?

Strong motivations such as "I use this package, seriously" are not
likely to wear out very easily through time. Packages maintained
with a strong motivation are better cared among all packages in our
archive.

Why not calm down, and try to do something else as interesting
as Debian development when waiting for the NEW queue?
Or simply think of NEW queue as a Debian holiday application.

I just realized these over the years, and these are only my personal
opinion.


On Fri, 2022-08-26 at 09:18 +0200, Gard Spreemann wrote:

Jonas Smedegaard <jonas@jones.dk> writes:

Quoting Gard Spreemann (2022-08-26 08:49:21)

On August 25, 2022 10:52:56 AM GMT+02:00, "Sebastian Dröge" <slomo@debian.org> wrote:

PS: To preempt any questions as for why, the background for my
decision
to stop maintaining any packages is this thread, but it's really
just
the straw that broke the camel's back  https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html

A bit off-topic, but I think we really ought to discuss (address?)
this elephant in the room once more. I don't have the answers, but Sebastian's email yet again clearly illustrates how the status quo
is hurting the project. This clear example comes in addition to
worries raised before about what the status quo does to recruitment
of new developers.

PS: I do not imply that the elephant in the room is the
ftpmasters. I'm thinking of the *process*. The people involved put
in admirable work in carrying out said process.

The way I see it, the process is clear: provide *source* to build
from.

If there is "source" built from another source, then that other
source
is the true source.

If ftpmasters sometimes approve intermediary works as source, then
that
is not a reason to complain that they are inconsistent - it is a
reason
to acknowledge that ftpmasters try their best just as the rest of us,
and that the true source is the true source regardless of misssing it sometimes.

Yes, this is painful.  Yes, upstreams sometimes consider us stupid to
care about this.  Nothing new there, and not a reason to stop do it.

If you disagree, then please *elaborate* on what you find sensible -
don't assume we all agree and you can only state that the process is
an
elephant.

Apologies, I should have been a lot clearer. I did not mean the exact
issue of what is the "true source" of something in a package. Rather, I
was referring to the process itself (looking in particular to the last
three paragraphs and the PS in Sebastian's linked email [1]). Whatever
the correct answer to what a "true source" is, in the current process,
a
developer has to make an attempt at doing the right thing, and then
wait
*weeks or possibly months* to know for sure whether it was OK. And if
it's deemed not OK, the reasoning may be entirely specific to the exact
package and situation at hand, and therefore extremely hard to
generalize and to learn from. (Do not construe the above as "ftpmasters
should work faster and give more lengthy reasoning!" – adding *more*
work to the process would make things even worse in my opinion.)

Although I maintain a very small number of packages, and ones that also
very rarely have to re-clear NEW, even I feel sapped of motivation from
the process. And I read Sebastian's email partly as an expression of
the
same thing (apologies if I misconstrue your views, Sebastian). I do
believe similar points of view have been aired on the list before by
others too.

As to your last point, elaborating on what I find sensible: I sadly
don't have a good suggestion. I do believe it is possible to point out
that the status quo is harmful without knowing how to sensibly fix it,
though. That's what discussions are for :-)

I am presently unable to find the message I'm thinking of, but I seem
to
recall one proposal being raised in the past: trust that a developer
has
done everything right, and introduce a class of bugs that can cause
complete removal from the archive instead. Afterall, we do assume that
the developer does the technical things correctly, until such a time as
a bug is filed. Could we not also make the same assumptions for Policy
and Social Contract things?


[1] https://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/2022-August/022938.html


 Best,
 Gard

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, Aug 26, 2022 at 04:13:43PM -0400, M. Zhou wrote:

If one's enthusiasm on working on some package is eventually
worn out after a break, then try to think of the following question:

Is it really necessary to introduce XXX to Debian?
Must I do this to have fun?

Strong motivations such as "I use this package, seriously" are not
likely to wear out very easily through time. Packages maintained
with a strong motivation are better cared among all packages in our
archive.

(note that using a package doesn't require uploading it and, indeed,
sometimes packaging things for local use is much, much easier than
packaging them for the archive)

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmMJNmctFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh hY8P/RwJgZY6KD97FB2obcGH7bS91MwmSr09TIeLR3xI6XyhP1mEu6bzq5no/MR2 LtEEr4As0ih2xAsC3ww9Y8XNg5XQ66oK0GN3BjScyRYikc1qgHxWpA8T7Xk3G0vI vaZoP8JQqf0I+zHqfH8Cg0XbP05PxAmhHbANivEeowOHPDC3nI390HDyHYzbUcvR 8wMcNWwBtl565T20BH23GDpa4o8+b2mqcQdITmvFaE1Rao1IRmEcAI7fbBvY39Um R0WTuOx/2UgB4zJ+0s4aWdIxBHbn0318NMaRXvGYvTrhkZLtObmEmO78qDvW19rh 9vxfajsziVYvUVGtaQWLVLDYgUPDZfMj+AAR1QOFQ1cVsVs4ghh4G1OilBputARz YOrAiqgAwhq64cdxRX54TE810Dbjv84EmUZL8+v10KrW98fWs8Hmt5GbaJwryKfm gfSwyVrHGfl3mFwhCsmdKMK7RkUQZl78/DuCJkqdfdDdOKm3R1XXnvmbmJXPY6M2 9SB4ISVuajjZYL7FO87mbSQ9KygnbZZvF9RPqI1TXPWkICM+iZzYA+3MyfbNiJOH L1SutvPFUSgoG4ux0MOmY5aM2zHW3nGp+C0sBdtdAZBrcQ2vD2PoLywSxUGsUK1M GHHpySWrgDBQQBpz+rRpTJrCzbCf/jFRpa7EB5meLROoBwEI
=P0X+
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 2022-08-26 at 11:58 +0100, Simon McVittie wrote:

I don't think building from the least-derived form is always the
right thing to do.

Personally, I believe that instances of that represent bugs in how the
upstream source trees and build processes are organised.

For instance, take rust-glib-sys, a package of Rust bindings
for the GLib library, which is one of the libraries whose handling
prompted this thread.

I feel like the right way to organise this upstream is for GLib itself
to be building the bindings for itself (as Bastian Roucariès suggests).

Alternatively, if the GLib bindings really need to be separate, then
GLib could build the XML description of its APIs, include that in a
package, then rust-glib-sys build-dep on that, include a Built-Using
header and get binNMUed after every GLib update.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMJbMoACgkQMRa6Xp/6 aaPlwg/+LQ6oLAzwzHbHoxp4vfL72H/9MGXxcA6r0xlZjEWcoFMFsgutHJUU84sa lLb3ZI0tLQm1Xq9245MzMOr7eGz8+22jgQEKfES5iaEiNUMCCf2Pg+VcRI1tnd9i WQ1A8LdWrN64+v5RlAIQd3ijTiaX/BAUJIWhYy3u34KbWch16kx5u6KJSt6Nqmbo oMxa0br3CdliBS5+Epsd6GuHvjTHhnTEhAFqNA45/uOzqLH5m984h2Trifc4uj/M Pb7tj8hFfHQhSkmut88t6Kn/p1B+IMn1ulnJeiLBdebARE5+Y24p2gf0zPRHoukr Y5mJHeoeoiaIkNZURlRedtmjhcGckcTryUk55h7P3dinTjHe8bRa/BkJu0xH+aNs BX9ra9jV71n/qhHgrNuBoBBPrCVMhXUPEIbb0YSCAO4G6tWn2cbE0Twl0II3VeDf ammpQ63YCFWPdg9v/Ej7TdKvy0i5FFKxZqfTZT52gxC+LGJ++0dZxLfQL2oSCKN2 dgzc+NI5thK+5kHVbtirUMothK6DdbTmpIhCFU6PNmRB5NkVD46Fr0ugVBAgXshj hwrGf9MomtipN/jPxXnBgipOisiKKSYIYlTLhePVhO18vS1iyHHcV+SGQoKbqHjk 3EOCl4dvApiTMCTDFWIBH2v0N/j31PaPayVwjL5LR+elTyhpW2c=
=AY01
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"M. Zhou" <lumin@debian.org> writes:

To be honest, in terms of volunteered reviewing work, waiting
for several months is not something new. In academia, it may
take several months to years to get a journal paper response.

Sure, but

(1) that situation isn't popular in academia either,

(2) at least you can put your work on arXiv or similar and have it be
useful to people right away, and

(3) a paper that's finally accepted (usually) doesn't ever have to be
updated, and doesn't risk needing to go through the process again. And
new papers don't require updates to old papers, usually.

An analogy following from (3): how great fun it would be if a
substantial paper correction would require no review from the publishing journal, but a title change would require a completely new peer review
process! (Yes, the idea of a title change is far fetched, but still.)
Seems a bit arbitrary to me.

I've ever tried to think of possible ways to improve the process, but
several observations eventually changed my mind, and I'm willing
to accept the status quo.

* there is a trade-off between rigorousness and efficiency.
Any change in the process may induce disadvantages, where
the most difficult thing is to reach an agreement.
* we will add more work for ftp team if we get them involved in the
discussion of possible (but unsure) ways to improve NEW.

My ultimate opinion on NEW processing is neutral, and my only
hope for ftp team is to increase the pace of hiring new members.
To be concrete, it is much harder to write a concrete proposal
to debian-vote@l.d.o than discussing possibilities.

I understand we may have the enthusiasm to sprint on something.
However, in terms of the long-term endeavor on Debian development,
the negligible popcon number won't be less disappointing than
a long-term wait to clear the NEW queue.

I don't think I'm worried about people being disappointed (by say an RC
bug being filed due to a copyright issue – correctness is far more
important than not being disappointed). I'm worried about the extremely
long time horizons putting people off from contributing in the first
place, because it requires focus and planning across a time gap that is
so many orders of magnitude longer than the time spent doing the actual contributing work. In some sense, contributing to Debian becomes mostly
about waiting. (Sure, there is something to be said about extremely
short, fragmented attention spans being unhealthy – but some
contributions are naturally short and easy, and we certainly don't want
to drive those away.)

If one's enthusiasm on working on some package is eventually
worn out after a break, then try to think of the following question:

Is it really necessary to introduce XXX to Debian?

I hope we won't try to define what "necessary" means, or have it become
a criterion for inclusion :-)

Must I do this to have fun?

I don't think Debian contribution has ever been a necessary condition
for fun. That's an incredibly high bar. If we were only to attract
people whose only idea of fun was contributing to Debian, I think we'd
become a very unhealthy project (and one severely lacking in
contributors).

Strong motivations such as "I use this package, seriously" are not
likely to wear out very easily through time. Packages maintained
with a strong motivation are better cared among all packages in our
archive.

I humbly disagree. Even from my own point of view, I may well be very
motivated to package something I use seriously all the time,
seriously. But then I see its dependency chain of 10 unpackaged items,
start thinking about the probability that they'll *all* clear the NEW
queue, and how long that would take, and I give up. And then there's the problem of attracting smaller contributions, as mentioned above: I
really believe that people get put off from putting in 30 minutes of
work for a nice MR on Salsa if they can't expect their work to hit the
archives for months and months (suppose for example they contributed to
a package whose SONAME is being bumped).

Why not calm down, and try to do something else as interesting
as Debian development when waiting for the NEW queue?

Sure. That's what I do. My list of joyful and less joyful things to fill
my days with is enormous. **BUT: I worry for the project if our solution
to the problem at hand is "maybe just contribute less to Debian".** Is
that really what we want?


Best,
Gard

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEz8XvhRCFHnNVtV6AnRFYKv1UjPoFAmMJ1WsSHGdzcHJAbm9u ZW1wdHkub3JnAAoJEJ0RWCr9VIz6dLUQAMAR08G3R1GUJbrNcsdkV6DTUc+NhTZ7 3uVu8t242DB2XIYH5fNzT8DoqhFW3RCBuULDCoLtbZVjUICK7e3XeieRhN0TrMQn Ji1AD1bBsNjQIGUIqrYDvcYJuXWzkQfP3lpcZwIcrw4bTzx9aR9szz7zACE26DYn 0LHzWzJoFIYFPJLcYDIu+RKPUv08w2jePBkdc3hlxWc6CBe2DMRBBvbUUjRua39M MoOKsxW9b59nlOw89fI44cc/GZcqozjnc4BaKhy5pu6BqONW3wGDtQGUcXVcF9qp u3bW8gp9LkRIaZuf/NxIW2Dy259EfuK2LcavLdy0ih3svFjpFbLYTwnZQr0jzTaV TSDY3DwLGJRgqoTFawaAek53z6F121uvHDoSmCUBbDoGJyyvRgYlsLnn3umDK2yC tVgxwV48acjDqKJ2Hl+6funDnH0bEeEoNKph2IRajEMZpjABlj4bw+OfBqSKRQHj jhirQ43O0v7wsa0Q3dnsRy8N777qa6Ttk7iNZld3iokPSAA5IIADVl/UrW1vN6pP RcbpXU+39EKs4FwGoJzGq31uwsZrAWICSAP5tTTIaDJiho5DgdiBQG90KbdMA6Zd p8Cq3Rc7r9xCZxX8lo+lxzBU3wHELEZYjxs7zkaj0+Nfiq4WIRjMnkiSOI3I5kTy
iiZ569/V3FlH
=y46B
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gard Spreemann <gspr@nonempty.org> writes:

Oh no, then we instead insist that related work stops

Sorry, this was imprecise of me. We of course don't insist that related
work stops. But I really fear that that is the consequence in a great
many cases.

-- Gard

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise <pabs@debian.org> writes:

There are a lot of examples of busywork in Debian, such as documenting licenses, packaging dependencies, removing non-free files that are only
in source packages, runtime selection of correct CPU instructions,
fixing build failures, porting reverse dependencies to newer versions
of APIs etc. All of these are things that contributors complain about
and get burned out by us requiring or even suggesting. All of them
however are necessary in some way. I think the requirements around
source and building are just another example of this.

Indeed. But is it necessary that this busywork be checked in the way
it's currently checked, as the package passes through NEW? Why does it
only have to be checked this way when a package name changes or there's
a new binary being built? The rest of the time we seem fine catching all
of these kinds of things through bug reports.

We trust each other not to violate Policy. If we do find violations, we
file serious bugs, and expect those to be acted upon. But not if there's
a new package name! Oh no, then we instead insist that related work
stops, and have the developer wait for months for detailed manual review
by overworked reviewers.



Best,
Gard

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEz8XvhRCFHnNVtV6AnRFYKv1UjPoFAmMJ1/QSHGdzcHJAbm9u ZW1wdHkub3JnAAoJEJ0RWCr9VIz6s5AP/3t+4Jw5eMfS2xcRey78tdCfyfuEjhWh v76Waen3Ux1i1B9MCRtGyp2qjxPbC3pskkLo8jTFxxHGO3U4RnhBHzbN/SKFpF6R vJunWcZNnxZSipggYHGj5cmpytSpyPpsJ5b6DXMVnd9goafh464HWx+vV7BVCd3x xSnlIAUBjCVPakXihToOC8Fgw6atNT9E5OQVA5fBuk/VDytzb5ixqTDGI2O6jb1G VBbhmPtGy86FAKAhuc/+72njxNZgeFmcl3mvfTLjHbtOV0Tfv95WLgrqFDZRMOwT aURp7Hp2CG414ehDJwFHZVU1Ndg/h5+zVWawB/yGe1JhPllVF5zJsV/uI+7DlsMV ggjn1mcnFvMoFnIaQvKIYWRZO2RMQ7QCsymF+z76+LjTLtG83X6pTwLMk8jASdVT WX4NgExStxGjxnEA59oosqLZ0L9HtIcWYJfpq4oPVtfV8stZ50TQhCQmLb1gJmZh GIKyVaUTZ8zbcOxDq7UUigGBs7KEVQaWUA+qC/zw4f43dzTKfddmMnJL7ytufHUC RkhVm58+oOsAGtJPeBP/wKHFhpDk7u+ZzKQ+l6XCu9k1y551Y0IGE4fMeRmFoY7d pQPrGYePg0oy2PUd3cN8jSg9YVomHp845rDEDXY6U+NWUXm2MZlTyJ+a2eo7ZGF5
VO8kxyDMdny4
=xImy
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 2022-08-27 at 09:50 +0200, Gard Spreemann wrote:

contributing work. In some sense, contributing to Debian becomes
mostly
about waiting. (Sure, there is something to be said about extremely
short, fragmented attention spans being unhealthy – but some
contributions are naturally short and easy, and we certainly don't
want
to drive those away.)

That's why I still hope ftp team to recruit more people. This is
a very direct and constructive way to speed up everything.
More volunteers = higher bandwidth.
Recruiting more people doesn't seem to have a serious disadvantage.

In my fuzzy memory, the last discussion on NEW queue improvement
involves the disadvantages by allowing SOVERSION bump to directly
pass the NEW queue. I'm not going to trace back, because I know
this will not be implemented unless someone proposes a GR.

If one's enthusiasm on working on some package is eventually
worn out after a break, then try to think of the following
question:

  Is it really necessary to introduce XXX to Debian?

I hope we won't try to define what "necessary" means, or have it
become
a criterion for inclusion :-)

  Must I do this to have fun?

I don't think Debian contribution has ever been a necessary condition
for fun. That's an incredibly high bar. If we were only to attract
people whose only idea of fun was contributing to Debian, I think
we'd
become a very unhealthy project (and one severely lacking in
contributors).

For newcomers, a long wait wears out their interest of course. I'm
not sure what would be the reason for a potential newcomer to reach
us if they do not find contributing this project "fun/interesting",
or "worthwhile/useful".

For people who chose to stay in this community, there must be a
reason behind them. Because I believe no body can contribute
to a volunteer project without payment / fame / enjoyment.
Without such a high bar, the member list will be much more volatile.

Strong motivations such as "I use this package, seriously" are not
likely to wear out very easily through time. Packages maintained
with a strong motivation are better cared among all packages in our archive.

I humbly disagree. Even from my own point of view, I may well be very motivated to package something I use seriously all the time,
seriously. But then I see its dependency chain of 10 unpackaged
items,
start thinking about the probability that they'll *all* clear the NEW
queue, and how long that would take, and I give up. And then there's
the
problem of attracting smaller contributions, as mentioned above: I
really believe that people get put off from putting in 30 minutes of
work for a nice MR on Salsa if they can't expect their work to hit
the
archives for months and months (suppose for example they contributed
to
a package whose SONAME is being bumped).

I agree with your disagreement but I keep my opinion. My track record
involves maintaining loads of reverse dependency libraries.
I've already gone
through all kinds of pains from the NEW queue and eventually learned
to take a break immediately after uploading something to new.

That said, if someone presents a GR proposal I'll join. In Debian,
it is not that easy to push something forward unless it hurts everyone.
Our NEW queue mechanism has been there for decades, and people are
already accustomed to it (including me). From multiple times of
discussion in the past, I don't see the NEW queue problem hurting
too many people. If nothing gets changed in the NEW queue mechanism,
people may gradually get used to it, following the "do not fix it
if it ain't wrong" rule. The voice will gradually vanish.

This is surely unhealthy. But as an individual developer I don't find
many feasible ways to push things forward unless someone figure out
a reason that as many people feel hurt about it as possible.

Why not calm down, and try to do something else as interesting
as Debian development when waiting for the NEW queue?

Sure. That's what I do. My list of joyful and less joyful things to
fill
my days with is enormous. **BUT: I worry for the project if our
solution
to the problem at hand is "maybe just contribute less to Debian".**
Is
that really what we want?

I forecast this thread will eventually end up with
"calm down and take a break" solution again.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-08-27 15:53, M. Zhou wrote:

That's why I still hope ftp team to recruit more people. This is
a very direct and constructive way to speed up everything.
More volunteers = higher bandwidth.
Recruiting more people doesn't seem to have a serious disadvantage.

It does not seem to work. Either people don't want to do that, either
the FTP team is too picky on the candidates.

I forecast this thread will eventually end up with
"calm down and take a break" solution again.

Yes. Unhappy people will just continue to silently wind down their
involvement in Debian.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Fri 26 Aug 2022 at 11:58AM +01, Simon McVittie wrote:

More generally, I don't think it's always useful to talk about "the"
source or "the" preferred form for modification, as though there is only
one. I think it would be more appropriate to consider whether the form
in which some software is provided is suitable for exercising your Free Software rights (as described in the FSF's "four essential freedoms",
for example) within the scope of whatever package we're talking about at
the time, or whether it's unsuitable for that use. If it's suitable, then it's source, or close enough; if it's unsuitable, then that needs fixing.

If we insist on a particularly puritanical view of what is source and
what is the preferred form for modification, then I think there is a significant risk of producing a distribution which is unquestionably Free Software, but either is missing useful Free software because it would be
too hard to get that software into a form that meets our self-imposed policies, or can only contain that software as a result of individual developers putting a heroic amount of effort into meeting those policies - particularly if we always go back to the "true source" and generate from there every time (which I will note that the ftp team specifically do not insist on unless there is a technical reason to do so, they merely require source to be *available*).

Right. I think the ftpteam members agree, and hold far from the more
extreme possible views about building everything all the way through.
We just want to think through each case carefully enough to be satisfied
that we're not failing the project in stewardship of the DFSG.

Most times I send a "Comments regarding ..." mail from NEW saying "this
seems a bit strange, can you explain" the result is an ACCEPT once an explanation has been provided.

In the case of the Rust package that started the recent discussion, when
I looked at it in NEW, I recall that I couldn't find a single
non-generated file aside from metadata. That's the opposite extreme.

In the discussion that followed I tried to respond to abstract cases in
ways that were helpful, but with hindsight it would probably have been
better just to say, "make some judgements about what's in its preferred
form for modification, explain it in d/copyright, if you're doing so in
the spirit of the DFSG then the ftpteam will probably agree." It's sort
of like the "no detailed design work" for the TC.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmMKXYoZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQGVvD/92iSyMD1NLAjw+bnuzeb1Q c2IpRHHh3WMrhssTN18VmCgbL3B6ce1oHwBcuCcK/T02ktLg2cUVDyTTH1mZXlzi thOwzNMvz5XPkTvUU0ULd1dR576rqWmf5Pw3TCF1g3DBnNbEWYsJjDwsnhoOW6zI +EUIu/FqTXBeZeFl3pcC+wth+soA/LWix7Sf8khRfJT8o/wFY//nl6cUO2LdAFFH fbQjnskhCFRVZx6XtPILgr6y+yFWCR1RCPHotT+ipWGPW7X2o+Q0Woe6PfcEqoO/ fbwTnJRX6rFPR8A7g79s8jhVuF2G+Xef57tLcl3D/hr0jc5VBORtVEDic/q4mzeF hp7wXbYPmBRzmse0mlDXadIr4LSN6wpMI3x0pO4yYT3ZOwBESwQa6NLmxuJ6/DrB 7a3nwBdl3TI2wHjvuGehvE0PfCUJr9Ux84Gdx6HBzsfdWVS3k0qyAxfPtNo0/s1g LY6Hl+iI9HCm+b5utZOkehEu8k1BnhObe5x0rTPdszPagxN+01eWBe8rdvhINggk 6JdFIjXlqr+aUv89ZECd6junDTKCIxJY1jnSuInPzE81gPE3nZ0Ra67So7e5918i vNRQkXf5ZtHe5ur50Ra7SHoj8bUnjAE+QUy5R65YOc6WH9gM280rn9lHjde74acv 4cA9HL21UQUHLuHKSi7pQA==vKJz
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

Hello,

On Sat 27 Aug 2022 at 04:22PM +02, Vincent Bernat wrote:

On 2022-08-27 15:53, M. Zhou wrote:

That's why I still hope ftp team to recruit more people. This is
a very direct and constructive way to speed up everything.
More volunteers = higher bandwidth.
Recruiting more people doesn't seem to have a serious disadvantage.

It does not seem to work. Either people don't want to do that, either the FTP team is too picky on the candidates.

Some combination of both, but I don't think I'm suffering from bias if I
say that it's at least 80% the former. Very few people who say they'd
like to be trained confirm they'd still like to once they've had a look
at the docs for trainees, and after that, hardly any do enough trainee
reviews for the other team members to feel confident they can let them
at it on their own.

I am the only trainee who made it through in recent years and that's
because I was highly systematic about doing lots of reviews each month.

There are some technical improvements that would be possible. For
example, feedback to trainees is entirely done via IRC; I would much
prefer us to be doing that by e-mail. But other team members disagree
with me, I think, and I do recognise I like e-mail more than most people
do. There are ways the tools could be better.

In general, however, existing team members, including myself, are pretty sceptical that technical improvements would be worth the time it would
take to implement them effectively. dak as a whole is less well
maintained than other core Debian software, but the NEW queue parts are
pretty good!

So, the bulk of the problem boils down to project members not being
interested in doing the work. I certainly understand this. It feels
just like grading student essays. Everyone finds that highly draining
at first, until you develop a sort of detachment from the activity,
where your mind is going through the motions of the activity sort of
like how your hands can be going through the motions of something like
food preparation for a familiar dish -- you have to learn that you won't
make worse judgements if you become detached in this way, just like how
you won't prepare a worse version of the dish if you do it in the
detached way. Then I just applied what I'd learned from grading to the
NEW queue, and then it's pretty fun and even relaxing when you're not in
a frame of mind to do harder thinking. But like I said, most people
don't want to do any of this, and of course being a trainee is *not*
like that.

And then recruitment is less efficient -- not enough feedback on trainee reviews -- because there aren't enough team members. The usual
compounding effect.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmMKYXcZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQEILD/wOjX996hz3M7M+/Wa+ZHBm y71opHub4tQLieY92gawUqUq7kbzkZZOQ+wjV6dxk9j01y7kAZ+5Rbm1NznZqnc9 H+XPkGuWU9LKilwoUeUYr4oy5spVI4OYe3O/eD10HiC+W3vLwbBcMC+foAZiZHQV lOMdKjm7VLTWN+yEaFeFu1IxnE04RSXhGW1XHWeHgQ5ESgjwaK0Kh2w7F+5AUQGk u5YhEIY9Z0haKWoA6hbzsUaZIfgltg4NeW7EgYogvyVp6qmlx+AfW/HHSB7+cAqr Ctbim6ygZDTJkqLMJXTaO7VCP4jRsOuCLoWjfAjsdcx+uxDlh/Bica/g5sx7UG/Q s68YOorXy+IDcSd4f4vemCSp8z+xx78SRcPf6ih+K8CATqOtVW6LhJHHEfqDwHrm L2sMVOOdxWVWKXX7oYWezkCwBAxJerY55dzuUZypw4AwMUremRvPah1QCUZtXH97 SidqDTlt1wH/IAvo1upUTizdSDfSHKzsOVfE4RCN+Cq9gECCric4OM8Ai0FOAAp/ sQ1d/vDhja1zBzMuXwtn39eRKpcTlI8OWL3KnUhsH6BFQ1O+29Tt/ycMn+/xoTqT JmbaWBN00LTWp/YVIAqyptTKREyrGllCKG/oRO5munodzPaMq/U1PNuXCJYZG1Td 84Cc1ek0lic/wAwk3DK7AA==jnnZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

"M. Zhou" <lumin@debian.org> writes:

On Sat, 2022-08-27 at 09:50 +0200, Gard Spreemann wrote:

I humbly disagree. Even from my own point of view, I may well be very
motivated to package something I use seriously all the time,
seriously. But then I see its dependency chain of 10 unpackaged
items,
start thinking about the probability that they'll *all* clear the NEW
queue, and how long that would take, and I give up. And then there's
the
problem of attracting smaller contributions, as mentioned above: I
really believe that people get put off from putting in 30 minutes of
work for a nice MR on Salsa if they can't expect their work to hit
the
archives for months and months (suppose for example they contributed
to
a package whose SONAME is being bumped).

I agree with your disagreement but I keep my opinion. My track record involves maintaining loads of reverse dependency libraries. I've
already gone through all kinds of pains from the NEW queue and
eventually learned to take a break immediately after uploading
something to new.

I consider you quite the hero for your massive contributions to the
Debian deep learning ecosystem. But I do worry that there aren't enough
Mo Zhous in the world ;-)

That said, if someone presents a GR proposal I'll join. In Debian,
it is not that easy to push something forward unless it hurts everyone.
Our NEW queue mechanism has been there for decades, and people are
already accustomed to it (including me). From multiple times of
discussion in the past, I don't see the NEW queue problem hurting
too many people. If nothing gets changed in the NEW queue mechanism,
people may gradually get used to it, following the "do not fix it
if it ain't wrong" rule. The voice will gradually vanish.

… or people quietly vanish from contributing.



Best,
Gard

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEz8XvhRCFHnNVtV6AnRFYKv1UjPoFAmMKiRASHGdzcHJAbm9u ZW1wdHkub3JnAAoJEJ0RWCr9VIz6fnwQALaiR1gvnjzKDk4bU2HQ1ZtKrEz+hVMZ /rTVgEcR6injS85b7ysmMFS9kgJrC8LbUcaGNTx5GMENQcN++neHe5MyU4JO7I9z 8j3tkFFQvEqhG/eNaieAIE4U1tV42+AlzlEQTWbyAZp/1xcjU74Y7czVTJ9tduQk 5Add856/ny3ewbv6PwaeaUaTqmQnNPqGo8T3eXqml/eMlSBi6DeLTjpwuyDbhw+D R4khm/Uh9QNpkVg9zpIzEF6etfZvom2b2K2mcWhSb2cBNRsK2L4DH3vhLYus8YFU Adl5gnG9boILy/NH1xZQbZPLqTUXJb990CuH3I05ACmHRxiM4pzVe5QJVlKZRFam Gv0eXuNlunStfjgq4DKmDCo1f4FWu4VzvdokkL0eUDEfgINV69Ex8a1QnfQpz79K HNAX/yzSjpfa5jmunOjznAwKv0f9mmQHgqTo9NI1CDg++Jsm2O629tYyV2G90SZ9 LViQKTCp0MoJSp/BQ62BKRi1LMz0kIGSlTvfw1RXBRX8TbOHHp4bnxk/Bgw9ih2h 4mfxhCyrZwYwjVGoFaLvOyxugwwEyot25JrzMOOFOpRM5qn1fg21XZxLzsIFcGTB +DzmqVPwUXRbKUs1Vl0YstDPilMZvAEnPeETYllZnIlnS/+pUuzepDuh0oal79qx
MGEYRlF4s3K2
=VXPo
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Fri, Aug 26, 2022 at 04:13:43PM -0400 schrieb M. Zhou:

If one's enthusiasm on working on some package is eventually
worn out after a break, then try to think of the following question:

Is it really necessary to introduce XXX to Debian?

May be I'm repeating myself but having packages in new fixing RC bugs
(for instance bug #1015861 is waiting for five months) triggering
testing removals of several packages is a good reason to answer with
yes here.

BTW, the vast amount of new packages I'm packaging are new dependencies
for existing packages to get their new versions.

Kind regards

Andreas.

--
http://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Sat, Aug 27, 2022 at 09:53:40AM -0400 schrieb M. Zhou:

In my fuzzy memory, the last discussion on NEW queue improvement
involves the disadvantages by allowing SOVERSION bump to directly
pass the NEW queue. I'm not going to trace back, because I know
this will not be implemented unless someone proposes a GR.

I'm considering this once beeing back from vac. However, the problem in
such a GR is that even if there is an outcome for the voting that sais SOVERSION bumps should pass new we need some code that implements this.
So we also need someone to volunteer for this.

Kind regards
Andreas.

--
http://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 27 Aug 2022 at 09:01:01 +0800, Paul Wise wrote:

I don't think building from the least-derived form is always the
right thing to do.

Personally, I believe that instances of that represent bugs in how the upstream source trees and build processes are organised.

While I'm flattered that you think I have the level of control required
over upstream projects to be able to demand that they change their
procedures in this way, I'm just a relatively minor contributor doing
my best. If the bar for being a Debian maintainer is set at "must be influential enough to coerce the upstream project into behaving as we
want, against other developers' wishes", then I think we will have an unsustainably small contributor base.

If I recall correctly, there have been vague plans to integrate GObject-Introspection with GLib for about a decade (in order to break
the circular dependency that GObject-Introspection depends on GLib, while
the interface description for GLib is conceptually part of GLib but must
be generated using GObject-Introspection), so if there was not a barrier
to doing that, I'm sure it would already have happened. I don't know the details, but to the best of my understanding the major objection is that
GLib essentially cannot ever break API/ABI without extensive disruption,
while GObject-Introspection is not felt to be sufficiently mature to
be able to say with confidence that it can live up to that standard
of stability.

However, GObject-Introspection has worked approximately the way it
currently works since at least 2008, and was apparently fine. I am less familiar with the Rust bindings, but I believe they've worked the same way
they currently work since they were introduced to Debian in 2018. What has changed? Have the goalposts been moved? I share Sebastian's concern that
if upstreams are led to believe that something has been fine for multiple years, demanding that they put a significant amount of work into changing
how they operate is unlikely to lead to positive results. I already have
to spend a significant amount of time defending "weird Debianisms" even
in sitations where there is a compelling technical reason for what we do; upstream goodwill is a finite currency, and I think we should prioritize spending it in the ways that will give us the best return on investment.

Requiring GLib and GObject-Introspection to be upgraded in lockstep would
also limit our ability to test new versions of GLib in experimental,
which is something I have been putting a significant amount of work into
in recent years: at an early stage in the GLib release cycle, there is
usually no corresponding version of GObject-Introspection yet. If we
do not test development versions of important libraries like GLib, then
we will be stuck in the situation of always catching up with upstream,
and will be unable to respond to upstream changes quickly enough to have influence over whether they are accepted, reverted or adjusted. If we
claim to be maintainers rather than mere packagers, which we do, then
we need to spend less time working with branches where it is already
too late to make significant changes.

I feel like the right way to organise this upstream is for GLib itself
to be building the bindings for itself (as Bastian Roucariès suggests).

Meanwhile, the language bindings for GLib and most GLib-based libraries
(for Rust, Python, JavaScript, Perl, Haskell, C++, etc.) have always been separate from GLib itself. There are broadly two categories: the ones for dynamic languages like Python, Perl and JavaScript that are brought into existence at runtime on a just-in-time basis, which are not a problem in
this context because there is already an expectation that these languages
are dynamic, and the ones for compiled languages like Rust, Haskell and
C++, which get compiled and have a fixed API/ABI for all subsequent uses.

I for one am grateful that it is possible to be a GLib maintainer without
being proficient in Rust, Haskell, C++, D, Pascal and whatever other statically-compiled languages people want to support. If GLib upstream
were to integrate the Rust bindings into GLib, therefore requiring
maintainers to be proficient in Rust, then I would no longer be able to be
an effective GLib maintainer. Even if I was proficient in Rust, requiring maintainers to also know (for example) Haskell seems unrealistic.

I know some people would consider me to be irresponsible for not yet having learned Rust to an expert level, and I apologise for only having a finite amount of time available for Debian; but there are too many things in
my queue already, and the higher we put the bar for being a maintainer,
the smaller our potential contributor base gets.

As well as the scalability problems inherent in having each library
be responsible for explicitly supporting every language, the same
stability concerns as for GObject-Introspection apply here: GLib is a
mature library with a long-term stable API/ABI, but its Rust bindings
are relatively new and cannot guarantee stability on a scale of decades
(they haven't yet *existed* for decades).

The glibmm bindings into C++ are in a similar situation of being less long-term-stable than GLib itself, and have had at least two intentional, parallel-installable API/ABI breaks during the lifetime of GLib 2.x
(glibmm2.3 -> glibmm2.4 and glibmm2.4 -> glibmm2.68) even though GLib
itself has not. I expect that the Rust bindings will have to behave
similarly over time, to avoid being constrained by whichever early design decisions turn out with hindsight to have been a poor choice.

Alternatively, if the GLib bindings really need to be separate, then
GLib could build the XML description of its APIs, include that in a
package, then rust-glib-sys build-dep on that, include a Built-Using
header and get binNMUed after every GLib update.

I think I explained earlier in this thread why it is not desirable
for the API of a rust-glib-sys package of the same upstream version to
change depending on the version of GLib that it happens to have been
built against.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Aug 27, 2022 at 09:50:41AM +0200, Gard Spreemann wrote:

Strong motivations such as "I use this package, seriously" are not
likely to wear out very easily through time. Packages maintained
with a strong motivation are better cared among all packages in our archive.

I humbly disagree. Even from my own point of view, I may well be very motivated to package something I use seriously all the time,
seriously. But then I see its dependency chain of 10 unpackaged items,
start thinking about the probability that they'll *all* clear the NEW
queue, and how long that would take, and I give up.

In that case, writing to FTP masters or sending a message on #debian-ftp
helps sometimes, but we still need to patiently wait anyway.
In my personal experience, when I upload a large amount of packages to new,
FTP masters are quick to accept that.

I recently packaged something and uploaded 17 new packages, everything got
in within a week. And I remember at the time of bullseye release, I had
52-53 (!!) packages in NEW and they did get `processed' in 3-4 months.
So I do think that FTP masters react to maintainers when they push a good amount of stuff to new.

That said, I also once had a package that waited for 11 months in NEW.

In any case, I agree with Lumin's point here.

And then there's the
problem of attracting smaller contributions, as mentioned above: I
really believe that people get put off from putting in 30 minutes of
work for a nice MR on Salsa if they can't expect their work to hit the archives for months and months (suppose for example they contributed to
a package whose SONAME is being bumped).

Yeah, that's a bit of a bummer. It specifically gets discouraging for
newcomers who end up waiting for a long time before their contribution gets
in.

Why not calm down, and try to do something else as interesting
as Debian development when waiting for the NEW queue?

Sure. That's what I do. My list of joyful and less joyful things to fill
my days with is enormous. **BUT: I worry for the project if our solution
to the problem at hand is "maybe just contribute less to Debian".** Is
that really what we want?

Or maybe it means 'work on something else' while your package completes
its trip in new and back from vacation.

--
Best,
Nilesh

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEPpmlJvXcwMu/HO6mALrnSzQzafEFAmMLcdEACgkQALrnSzQz afG7XQ/9FynifKB3y/7CfVEzkHmU515l5fVh0NvE6EFok1k4a3EZewZ/ItUDwJlH Dt7Ohydl3HL4d++SMHhXmsZYEzFyFgMAFBa6NR+JF1NDxYI94rVbB1gg/IpjnNsT GWj5Tdi84CYVAFx0aInWXURJ/F+uRZLPV8xbAjlWlrEQ8ll4ync/ogQm/FzyIubp Cz0jWh0ugeBCWoDuq6AUkuqYCkTDf4fxBAuXOCO/GzCi6JuVmz+hUcws8a6rcFN1 VpD8vUNP79xfk3Caz0C2sNygITQizjkjBxJe08wIQxS5Ba7VgAj5MmZPZ+spsSSw N+/Zllc2BFLD2HZWHVzois58D//J3Osln6PbQEsGglsAqaJvk7b65bQHDfTPn6v4 GSYby0RkY8ImAxzYnbTC9qavHnzyzKZ0TKO6qopdYg8Jl9h0vSD8Go1GVdpgSRQq bpYkOdYTEklBy2PolwFo0QGj31ynDiR+EnaTtOM4lOkKjwhy0xbxDefGErKJg/Zx RL8GH8QBGKh57P9g0tJ0n87n8iv3767Px5P3KsnRhuLPYnHiGBV4pyaSsfYEuDAV F41A6cswxi2uEWeZIhRWS6sMhCvLifvhmD8HKeSgrKw5sq8PzT5JTsUSrPmGiQfv yt5/aiJ2nfj+hZeo2yMMQX2coWAFPFBfkCPPSCE8Jwl00Jp/PwY=
=EH45
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise <pabs@debian.org> writes:

On Fri, 2022-08-26 at 11:58 +0100, Simon McVittie wrote:

For instance, take rust-glib-sys, a package of Rust bindings for the
GLib library, which is one of the libraries whose handling prompted
this thread.

I feel like the right way to organise this upstream is for GLib itself
to be building the bindings for itself (as Bastian Roucariès suggests).

Speaking as an upstream maintainer who historically has maintained
language bindings for a package together with that package (remctl), I can
tell you that this is a bad idea, I would tell my past self to never go
down this path, and that maintaining each language binding as a separate upstream release is a superior technical solution.

This is unintuitive! I believed the opposite for many years! But it
turns out that maintaining language bindings as part of a single combined source package is an incredibly difficult thing to attempt to do in the upstream build system, and it is getting more difficult by the day. Each language ecosystem has its own build system, and many of them are
undergoing rapid development. Each language now also has its own archive
to which build artifacts should be uploaded, often including pre-built
binary artifacts for major platforms, and doing this with a combined build system from a single source package is quite difficult. All of the tools
are oriented around a single package building for a single language, with
all of the build system configuration for that language at the top level
of the package.

It's *possible* to do this. I have for years supported bindings for four languages plus the C source in remctl. But it's hard; I have personally
spent multiple hours keeping this working, hours that were not spent on
the software itself or even on the build system but just on integration problems between the various build systems mushed together into the same release. There's very little payoff for this work and it's contributed to
not integrating some language bindings or other implementations, such as
Java. I haven't yet had the time to do this, but I plan on separating
remctl into five separate upstream releases for different languages.

This will also, ironically, help in Debian, since it will mean that the
remctl source package doesn't tie together language transitions for four different languages.

remctl doesn't have the specific problem that Simon is pointing out with
the definition of what source code is, so it's unaffected by the point of
this thread. But I think it's important to note that upstreams do things
like this for good reasons, and undoing them may mean that someone spends
a bunch of time and effort, on an ongoing basis, working around problems
that upstream has wisely avoided and doesn't think should need to exist.
It's very hard to find motivation or volunteers for that kind of work!

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Sun 28 Aug 2022 at 07:45AM +02, Andreas Tille wrote:

Am Sat, Aug 27, 2022 at 09:53:40AM -0400 schrieb M. Zhou:

In my fuzzy memory, the last discussion on NEW queue improvement
involves the disadvantages by allowing SOVERSION bump to directly
pass the NEW queue. I'm not going to trace back, because I know
this will not be implemented unless someone proposes a GR.

I'm considering this once beeing back from vac. However, the problem in
such a GR is that even if there is an outcome for the voting that sais SOVERSION bumps should pass new we need some code that implements this.
So we also need someone to volunteer for this.

I think we still want the binary package namespace checking?

I.e., a GR just saying "ftpteam should not do a full licensing/copyright
check for packages in binNEW".

Then no software changes are required.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmML1vAZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQIBMD/4ubGmRi75oK3f2PIZ62D8B UTbtxg58h9Xsj1weG5XZiuLmpht+Kt8KkNIBGQEat4NBD2CEopChXqBYViN428wc KM7MTZNYBENb99oJQWzRVolrfwMKo323jLnlPeVYtEl9o7mEKkJ+VkvqbjnvUZMr x0ZWkdnE8J2JfP0sYLeLNmQUNVAk94UXNLU2dsGaqKzYqksIdYFF9LwAMWD4i9oR Pjo/Wu2GutsEl9QYNdyWUu1XZgm7umUZWSMw9AyOjSWOa67JlGg8U86B29akR+qD 90yz4HD78vUS55MsDohwee5FwjBOku2+LQTIyX4DoHKuXTHHNutHaNX0myGtJLrc fEAUK9MbGIxbh1H9Bpr2q1d1YgFNpq+uuqkcPwbYqswRYudokmro0q4mUIusDCog tNfCGQegSrNwqTjrcltMYZBEqjabmTtkhWoWIQ5nYF9gg2eP0jEds3diyrAPqmqu AfFxhbxCutLe0FFLj88+5KXWbMeo0tptKFwFzMVcj+o7HEoB/c0Berb2YrohoRqE i6qSBq33+xOQGZ2ciX9gUCxXAh1Rk4NWegXb3ddpIZvraEjIASB1gxkVyFE+gD8P 8KhJIWNpOyZl2T55wwcOJgE/6wWpUOgK7+A8RsNX28VtvZTEOvEAXtrMld//Avb6 z5J6qgj5gVJxQVMXcGlH8g==xZGZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

On August 28, 2022 8:58:24 PM UTC, Sean Whitton <spwhitton@spwhitton.name> wrote:

Hello,

On Sun 28 Aug 2022 at 07:45AM +02, Andreas Tille wrote:

Am Sat, Aug 27, 2022 at 09:53:40AM -0400 schrieb M. Zhou:

In my fuzzy memory, the last discussion on NEW queue improvement
involves the disadvantages by allowing SOVERSION bump to directly
pass the NEW queue. I'm not going to trace back, because I know
this will not be implemented unless someone proposes a GR.

I'm considering this once beeing back from vac. However, the problem in
such a GR is that even if there is an outcome for the voting that sais
SOVERSION bumps should pass new we need some code that implements this.
So we also need someone to volunteer for this.

I think we still want the binary package namespace checking?

I.e., a GR just saying "ftpteam should not do a full licensing/copyright >check for packages in binNEW".

Then no software changes are required.

I think that a GR to prohibit developers from looking for bugs is at least in principle inconsistent with not hiding problems.

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Scott Kitterman <debian@kitterman.com> writes:

Sean Whitton <spwhitton@spwhitton.name> wrote:

I think we still want the binary package namespace checking?

I.e., a GR just saying "ftpteam should not do a full
licensing/copyright check for packages in binNEW".

Then no software changes are required.

I think that a GR to prohibit developers from looking for bugs is at
least in principle inconsistent with not hiding problems.

Saying that a project delegate, acting as a delegate, should not block
binNEW uploads for a specific sort of check that's currently mandatory is
not at *all* the same thing as prohibiting developers from looking for
bugs. It doesn't do that at all. Anyone who does ftpmaster work would
still be able to (and encouraged to!) look for and file bugs just like any other developer. If those bugs are RC, they would be treated like any
other RC bug.

But the project is entitled to override the decisions of a project
delegate by GR if it so chooses (constitution 4.1.3), and one of the
reasons why the project may decide to do so is if we collectively believe
the project delegates have misjudged the trade-offs of making a particular process mandatory on the grounds that it catches some number of RC bugs.
The project may, for example, decide that yes, this process catches some
RC bugs, but the number of bugs caught are not worth the other impacts of
that process, and the RC bugs can be dealt with via other means.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sunday, August 28, 2022 11:53:50 PM EDT Russ Allbery wrote:

Scott Kitterman <debian@kitterman.com> writes:

Sean Whitton <spwhitton@spwhitton.name> wrote:

I think we still want the binary package namespace checking?

I.e., a GR just saying "ftpteam should not do a full
licensing/copyright check for packages in binNEW".

Then no software changes are required.

I think that a GR to prohibit developers from looking for bugs is at
least in principle inconsistent with not hiding problems.

Saying that a project delegate, acting as a delegate, should not block
binNEW uploads for a specific sort of check that's currently mandatory is
not at *all* the same thing as prohibiting developers from looking for
bugs. It doesn't do that at all. Anyone who does ftpmaster work would
still be able to (and encouraged to!) look for and file bugs just like any other developer. If those bugs are RC, they would be treated like any
other RC bug.

But the project is entitled to override the decisions of a project
delegate by GR if it so chooses (constitution 4.1.3), and one of the
reasons why the project may decide to do so is if we collectively believe
the project delegates have misjudged the trade-offs of making a particular process mandatory on the grounds that it catches some number of RC bugs.
The project may, for example, decide that yes, this process catches some
RC bugs, but the number of bugs caught are not worth the other impacts of that process, and the RC bugs can be dealt with via other means.

I agree the project is entitled to override delegates.

If I look at a package and determine it's only in New due to a new binary package name and that means the project has prohibited me from looking for other issues in the package until some time later when it's not in New, then I feel pretty precisely like I'm prohibited from doing something.

OTOH, I suspect if this were to be project policy we'd come up with a way to mechanize it pretty quickly so it's not an issue that's worth spending a lot
of time on.

Scott K

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAmMMPV8ACgkQeNfe+5rV mvG6ig//QV7Oq8XWzypvHLxWk2H/QioSQPEmATrL2GhmL/5btzLGkX7tNsV8vOnr TeIFpfU6AW5QyH7xFaT6i9CkQEmbEjDHAnNmB4n/D1aGvGBmpGCz80WPRJZfVsik GUOqUyz4wg/yqOB1XECBtU/v25TeM5iQvXQUQy8sEAFcijG4VfsFHccvkx6xGX9L RV7Mp2hjU5vqimtFGXzvdsOzFOAJhRqiEzIvnx76AQkdWVzQgPOlUz9RsGHghTMI NXGR9HPdBQp29SaTxEBuESqRb4fGeMJUh2XrjzpNNsxplW6/zeI1P9jzP9PXaBwX 23kiTqEmCevmOTyVvc3coAtrZ2l+I2igZJ3hQX1No+CXOoMV3m2KgUU11vBFKuhp 2iUgzqcG69AfTv+6IVPDyGzvLBJ7flkc5RrU6lj+d+QnvKNQIt5JqqG+j1LAnln7 ZdutAcbcT9D97m+R/yumSM5YHH8hWxHJKL3VHgXfKI9yVKQY5O++yt7jgRUVklCj PEYjvi0H4t/rWD8e6Ml+64wH1wr+StGyvL2RUr8z0DiGsedfLN+L9ouqBC6SPJET 9P9O83CpwhtMJEIOf5wPFLBJ2ywXwaJKer4Ru2lCM94faeh1oolTwyteEEM9babX tA+zJf4fFSoSx/9mS/wZSXgo2kuNRhRkB9GtcIUH0DszKnOAzwE=
=Ss2L
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Scott Kitterman <debian@kitterman.com> writes:

If I look at a package and determine it's only in New due to a new
binary package name and that means the project has prohibited me from
looking for other issues in the package until some time later when it's
not in New, then I feel pretty precisely like I'm prohibited from doing something.

I think the part that will help this make sense and make it more obvious
that such a GR would not do this is to realize that ftpmaster has a
special ability not permitted to other members of the project, namely to
delay or block the upload of a package in its entirety.

I know I'm repeating myself, but to me it's just so central to this debate
to remember that preventing packages from entering the archive is *not*
how the project normally deals with RC bugs. There are a lot of good
reasons for why we don't normally handle RC bugs that way. The debate is precisely over when we want ftpmaster to exercise their special blocking superpowers not available to any other Developer, powers that exist only because of a delegation and are not normal Developer abilities.

Saying you cannot exercise that special ability to delay or block the
package from entering the archive, something that, for example, I have
never done or been able to do in the time that I've worked on Debian,
doesn't prohibit you from doing all the things that Debian Developers
normally do. You can see the bug and file the bug right away; you don't
need to wait! The point isn't to restrict what you look at as a human
being doing work; the point is to discuss when you can take a special
blocking action rather than take a normal RC bug reporting action.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Aug 28 2022 at 07:39:12 AM +02:00:00 +02:00:00, Andreas Tille <andreas@an3as.eu> wrote:

BTW, the vast amount of new packages I'm packaging are new
dependencies
for existing packages to get their new versions.

May be we should be able to tag packages with in NEW into categories
like this (similar to how a DD can give back a failed build via web
interface). This may need to go through a GR. If we prioritize packages
in NEW required for updating other dependencies, that can help things
faster. When I upload packages to NEW, I know some packages are
priority and some are not, but there is no way to express that
currently.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Aug 29 2022 at 12:33:44 PM +05:30:00 +05:30:00, Pirate Praveen <praveen@onenetbeyond.org> wrote:

On Sun, Aug 28 2022 at 07:39:12 AM +02:00:00 +02:00:00, Andreas Tille <andreas@an3as.eu> wrote:

BTW, the vast amount of new packages I'm packaging are new
dependencies
for existing packages to get their new versions.

May be we should be able to tag packages with in NEW into categories
like this (similar to how a DD can give back a failed build via web interface). This may need to go through a GR. If we prioritize
packages in NEW required for updating other dependencies, that can
help things faster. When I upload packages to NEW, I know some
packages are priority and some are not, but there is no way to
express that currently.

Or we may also be able to reuse the urgency field in changelog if the
idea that "uploaders should be able to prioritize some packages in
NEW and ftp masters should check the priority queue before the normal
queue" is acceptable to the project.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-08-28 12:14 +0100, Simon McVittie wrote:

However, GObject-Introspection has worked approximately the way it
currently works since at least 2008, and was apparently fine.

Something of an aside from the current debate, but GObject
introspection introduced significant problems with cross-compiling
because the introspection process produces different results when done
on different architectures so you couldn't just cross- do it.

So it's not really 'fine', it's just adequate for most people most of
the time. It's in need of some significant core rework IMHO to get rid
of this very unhelpful (and not at all necessary) characteristic. I
did consider doing the work needed to fix this but didn't have the bandwidth/enthusiasm at the time. Maybe someone has fixed this in the
nearly a decade since I looked in to it and the point is moot? But I
doubt it.

Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEER4nvI8Pe/wVWh5yq+4YyUahvnkcFAmMMm9kACgkQ+4YyUahv nke8kQ/8Cv4rZXimndEkTvULapmGw3vjTFYZ7uystOdSFb+gQHo/dB0WMmhAJsfT sOP9yizjLp3UEOu9zqInjQQ9d7VE4pPa55B252qpwBsAk4rVzKf4ttHCppYTppPR 2+XAFdd2yNA86aezAS8PpwK8vxXyp6f5mcJobm9T3O784CW02kMwh5WNIH5VFkAj I30opzH1BDdvnZXPQ+dHQHOy138+XD4Dy5zndqLFljAQO6wB/+OV3C9qID6yXl6B x5/+Hmym+eMGqG5rtd1IqsFrO33Kth05q/nSX/uybDAc4pjlqPF1HNONArGwIiGb VYpAP9IHmOLcV+zumHf8+YlVsrmsQfU9Lh9unZh0nY0Tn0aFdsFyJBvqMAbkFwat kADK8PCA+Y0VPk76KEY+MshWmDo9SJykL5syZTbUdXYHdbT+oaxEEeWtQoegBagW b9gecviS/tSrlI2D0N5NZS6x83YHyEjN0K7qe8UJoUou2tBHe+3EL2Frhd7eiVst t9k+s0kd7QTdY/ZzABs2olz1UkDXtIfbL3R3wydJRuXTGhqZAo46xMCFkfzyVdb9 bHiu9+UFUj3tr26JwTf+BGz4IhxEVZm+4HmSvR/Hnpiveo0RUqh0KL0Vu05c5rlM xNfc+AdwB7Lf2IufmQVCslmPsqX0wh7zan34Vzi71ydaqmro6+c=
=+YX2
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sean Whitton <spwhitton@spwhitton.name> wrote on 27/08/2022 at 20:24:55+0200:

[[PGP Signed Part:No public key for 695B7AE4BF066240 created at 2022-08-27T20:24:55+0200 using RSA]]
Hello,

On Sat 27 Aug 2022 at 04:22PM +02, Vincent Bernat wrote:

On 2022-08-27 15:53, M. Zhou wrote:

That's why I still hope ftp team to recruit more people. This is
a very direct and constructive way to speed up everything.
More volunteers = higher bandwidth.
Recruiting more people doesn't seem to have a serious disadvantage.

It does not seem to work. Either people don't want to do that, either the FTP
team is too picky on the candidates.

Some combination of both, but I don't think I'm suffering from bias if I
say that it's at least 80% the former. Very few people who say they'd
like to be trained confirm they'd still like to once they've had a look
at the docs for trainees, and after that, hardly any do enough trainee reviews for the other team members to feel confident they can let them
at it on their own.

I am the only trainee who made it through in recent years and that's
because I was highly systematic about doing lots of reviews each month.

There are some technical improvements that would be possible. For
example, feedback to trainees is entirely done via IRC; I would much
prefer us to be doing that by e-mail. But other team members disagree
with me, I think, and I do recognise I like e-mail more than most people
do. There are ways the tools could be better.

In general, however, existing team members, including myself, are pretty sceptical that technical improvements would be worth the time it would
take to implement them effectively. dak as a whole is less well
maintained than other core Debian software, but the NEW queue parts are pretty good!

So, the bulk of the problem boils down to project members not being interested in doing the work. I certainly understand this. It feels
just like grading student essays. Everyone finds that highly draining
at first, until you develop a sort of detachment from the activity,
where your mind is going through the motions of the activity sort of
like how your hands can be going through the motions of something like
food preparation for a familiar dish -- you have to learn that you won't
make worse judgements if you become detached in this way, just like how
you won't prepare a worse version of the dish if you do it in the
detached way. Then I just applied what I'd learned from grading to the
NEW queue, and then it's pretty fun and even relaxing when you're not in
a frame of mind to do harder thinking. But like I said, most people
don't want to do any of this, and of course being a trainee is *not*
like that.

And then recruitment is less efficient -- not enough feedback on trainee reviews -- because there aren't enough team members. The usual
compounding effect.

Hi,

I have been a trainee at the end of 2019 and beginning of 2020. What
drove me away is that it was taking some bandwith because I was not used
to the exercise (and TBH I kind of dislike MC which is needed a lot for
the job), and I got no feedback on my reviews. Not that did plenty of
them, but I did quite some.

After something like 3 to 4 months I went to try being useful (I
honestly felt useless as I got no feedback) somewhere else (MIA/NM
FrontDesk Team).

The job is not really a pleasure, it's true, but the team *needs* to
find a way to be more reactive when trainees try to do it, otherwise
they lose interest.

My 2 cents.
--
PEB

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEE5CQeth7uIW7ehIz87iFbn7jEWwsFAmMNTQsPHHBlYkBkZWJp YW4ub3JnAAoJEO4hW5+4xFsLqrcQAMaf5QN3YSCCNcVYRyo1+qSAjIouvqoRnxv5 NfgZM/TQoQC5Fmwg64CcjY/s6r5N3fYLKZEmYsyzfIyfoHQ9v/nhw7/P9sSpoV6S jD8faI/DIJMPlFs6MmpLqMZXdaEtLJWWIEf/iROlrFPKFNTTunsiDo7ghMeoM3m0 lEYOYZud0Y++5I/MkNSBPbz5UldtOQKigXUcm6rYzXX6ekGzdJCBnjNME11WhYo6 vC4Tw/i/ci7c4ENqjJ29w0Y9MyrjqHcFlt6Cp6Fru4evugrWmoGLMQS3ryV8C+yN pIg/RohWfyPdBYT8m8hBXlVu0hG28tVKpZoBkgw5P6gCkHjGYHR81kOfZFV8oNw5 4O7uKnyCEVVfolfRh+IOqUH00TGWH/e4b0f+U1mIsOe6arGDj2QFDybVA3qQaQIK IIZ8HSbye7F7bVOacizTM1g0NLTKsL228OMY/tNIVTJWW9EAox2gtejVTdH6Ll7q l4Al9hE8uw64SgU1qlRrA2r63wWAQsYD7aoBX73hvZtqUwvZ4BHtPoDzfYFcKF5U uIZevCVXSQjnvum6GkyDlf5rRMoXgH/w14vOZlnxY/5s3eFx+f2KKAW8Qes0NIxS KzT3vsKDrS5YsFsuJ3N6vf4fXN0KC5ojxH5EJJ7cKzn9mREee2+XDeDrR2SjeEgp
yF+x6C+7
=XEUx
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-08-29 at 12:33 +0530, Pirate Praveen wrote:

May be we should be able to tag packages with in NEW into categories
like this (similar to how a DD can give back a failed build via web interface). This may need to go through a GR. If we prioritize packages
in NEW required for updating other dependencies, that can help things
faster. When I upload packages to NEW, I know some packages are
priority and some are not, but there is no way to express that
currently.

The current ad-hoc way to ask the ftp-masters for expedited package
review is to state the package name and reason on the #debian-ftp IRC
channel. This seems to be accepted by ftp-master and it usually works.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMNZd0ACgkQMRa6Xp/6 aaPYNg/+NutRHdTqsW/QLx0DzsKhlSZm/zexBeK5wN7Vxqfs2ioyrcSWVyPPO4Mq gJfJdRa0PL30jnVQ2/9XWh9Y+65ZW82QOCMzQxPxyy5YPM0GfVXAWy9gn9FI8Ce8 OJgu9xNlCkfDUVBv2fNRwGR56qV1rvoOGl88orZ/5pRWSlY0tp7PRZI1E/bJ0wqN O+cTISlEYlCAa9c10ekTzK6mbBzYj3H8qpMGfJ5YjJTjxR5xTe6Ilvq5lq3djcq+ oU5gl/qfx4Em60hG7qXh4CgW1CCuJGL6zt9GlCTBs6JELef0jtcSaQ7a975C4Caw RDEYrcVjz6UrqQ9xP4IQCLoB+hHeBGLgvPOVvZCqwmwr2hb1r4AQl8TYs4aC4RkP /P/Sh9Cs+TZT5jSHfIJUn7/Iw1BLUwkNh0L5V12vFDoZ4y5QkaSSsZTTKI5zGLZe 32JZrdvNnNcEukloI5jV0tI+ZqpqzlvMNcreKGSNotKPYRAMY4Wd0kSq63wppa2t siaJteX4+H95YiJwUpM1mJXtphAMRuGRbHnzTI82sHeffEjr2Qy90TU4kcVcW0uO r2yPEVcsc4IM56iwFgMmfOFPCaRZOn9mc2+y3Bev6/+n2YIxOU7h6Lbyp5aWY9Gx vpi1leCv8QhimDMEc5xPLS0RxY5GqTRZFsPgZprv31pFVXqFzFI=
=F8il
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-08-29 at 11:58 +0100, Wookey wrote:

Something of an aside from the current debate, but GObject
introspection introduced significant problems with cross-compiling
because the introspection process produces different results when done
on different architectures so you couldn't just cross- do it.

It occurred to me that if the compiler/linker could be made to generate
the GI data and then something else split it out of the binary (similar
to how debug symbols work) then this issue could potentially be solved,
does that sound feasible at all?

Maybe someone has fixed this in the nearly a decade since I looked in
to it and the point is moot? But I doubt it.

It is still present. It got brought up at DebConf22 in the cross BoF
and is mentioned by helmut on #debian-bootstrap/etc when necessary.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMNZ5AACgkQMRa6Xp/6 aaNzPRAAvQnFiwpdrmm2tvPzL8m13u9g8OschQdVDPjHtCwsDsB1QJp/cTqbVXAT R1JLJCLps1caTU+0dOyZ75PTlWt23mvPTzJzJIIh9/mfks1B9pOGHciWDNMHA2oX CrXDyu1pjxWjINUGYB1Co7Oo06Nqz9qiF8OJT1zUwxHY6Nvl9VwUMJlebEi3fu/e IxiFPS84gCZTuH5DCoPGpUds+4qqAoE0QNEAXMT/qVLb/Pfq0jBPMGC61sgvHvRN 1h0jcl/WWCpETh4gb8AjP+yC5arbWRP8S3b/8Tr4rsatvttNKsV1pzvMfr0wUT2n fqnaplseHLw1Hk7U/TyU9WpKFH0OeajWwQAcXLlf3dO+QFIYj89cslerSrviTGet 0kAvbNOqCoJXi/SsiUFd4Jzn8/61iaIPzZhwDPT+BSr9qmUsD7Z1vqWa4n0+1BED ZcN1ZuqHewukM/BEjLqLIzBJfRfyzU2kCtV4Zwine4X56eyNKkGDNrm/Bo/k8Fqw zUd3qm1HKECgCZBrEbqiIkCM+J2PV6P54kc9f+6bgKwIP3XXQAol0GHX/SZEC/1X iwT/hf/de8PXXqbhKqEF9nMZqqHK2io42HYIA0ZHHvxoH6EfgM3/YjvkF02iZeGY rrW2jrNaf622yxjFr3SJZ1f1uWd9TyO2FXBIpeN6gsOkrY+0RUY=
=HxGZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 29 Aug 2022 at 11:58:40 +0100, Wookey wrote:

Something of an aside from the current debate, but GObject
introspection introduced significant problems with cross-compiling
because the introspection process produces different results when done
on different architectures so you couldn't just cross- do it.

GObject is a runtime rather than compile-time type system (types are
defined by imperative code at runtime), and some of the information that
exists in GIR and typelibs is architecture-dependent, so fundamentally
it is not going to be entirely cross-compilation-friendly (although
it should be fine in any situation where it's possible to run simple host-architecture programs with qemu-user or similar).

The only way I can see for it to be cross-compilable would be to include a
copy of the interface description that would ordinarily have been captured
at runtime, in the source package; but then we'd get people complaining
that the package is not its own source code, again.

It is technically possible to hand-write the interface descriptions,
like the ones in src:gobject-introspection for subsets of the API
of non-GObject libraries like cairo and dbus, but for entire GObject
libraries that just sounds like a way to make it require more work and
include more mistakes, without actually improving anyone's situation.

Separating the GIR XML from the -dev packages would require quite a lot
of trips through NEW and a lot of build-dependency changes, but would
make it possible to disable introspection as a build profile without
breaking the rule that says build profiles must not cause functional differences in package contents, which would be enough to cross-compile
the C/C++ interfaces for use by non-introspected languages with the GIR disabled. If you would find this restructuring of the packaging useful,
it's probably too late for Debian 12/GNOME 43, but we could look into
it for the beginning of the Debian 13 cycle?

I *think* compiling the GIR XML (architecture-independent except for when
it isn't, like C headers) into typelibs (architecture-dependent binary
files, like C objects) might be possible to do on a cross basis at least
in principle, but it can't be done in practice because its prerequisite
GIR XML is missing in a cross-build. But I could be wrong about that.

It's in need of some significant core rework IMHO

I'm sorry, I do not have either the bandwidth or the level of influence to
be able to make upstream projects change their priorities. Please talk to upstream if you want to make major changes to how this stuff works - but
if you do that, please try to understand their goals and use-cases first,
to make sure you're not dismissing their highest priorities as unimportant while demanding that a lot of changes happen for the benefit of something
that they consider unimportant, which will not usually get anywhere.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 30 Aug 2022 at 09:27:44 +0800, Paul Wise wrote:

It occurred to me that if the compiler/linker could be made to generate
the GI data and then something else split it out of the binary (similar
to how debug symbols work) then this issue could potentially be solved,
does that sound feasible at all?

One of the things involved in GI data is the GObject type system, which
is a runtime rather than compile-time construct (types can be created programmatically at runtime), which is why it needs to use runtime introspection in the first place, and that suggests to me that this is
unlikely to be possible.

However, I don't know, and this is beyond my level of understanding
of the components involved. If someone wants to pursue this, please do
enough research to not make upstream feel like you are wasting their time,
then bring it up with upstream.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 29 Aug 2022 00:15:27 -0400, Scott Kitterman
<debian@kitterman.com> wrote:

If I look at a package and determine it's only in New due to a new binary >package name and that means the project has prohibited me from looking for >other issues in the package until some time later when it's not in New, then I >feel pretty precisely like I'm prohibited from doing something.

You could just not look at the packagein binNEW until you, with your
private hat on, had the time to look at the copyright file before
putting the ftpmaster hat on back again. Can mere mortals look at
packages in binNEW to inspect them for bugs in debian/copyright?

Of course, that would just circumvent the decision of the project and
not gain us anything.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! ----- Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sean Whitton writes ("Re: Comments on proposing NEW queue improvement (Re: Current NEW review process saps developer motivation"):

On Sat 27 Aug 2022 at 04:22PM +02, Vincent Bernat wrote:

It does not seem to work. Either people don't want to do that, either the FTP
team is too picky on the candidates.

Some combination of both, but I don't think I'm suffering from bias if I
say that it's at least 80% the former. Very few people who say they'd
like to be trained confirm they'd still like to once they've had a look
at the docs for trainees, and after that, hardly any do enough trainee reviews for the other team members to feel confident they can let them
at it on their own.

I am in this picture. Some years ago now I volunteered. I was
introduced to the internal ftpmaster documentation and processes. At
the time, these documents were not even published - including,
astonishingly, some elements which read like a manifesto. (I don't
know if these documents are published nowadays.)

What I saw was very far away from what I had expected or hoped and
expected to see - especially in terms of process and culture. In
particular it was far away from Debian's usual norms of transparency,
but there were many other problems.

I deecided I couldn't work with it. I could, of course, have tried to
be the change I wanted to see in the world. But, empirically, I'm not
the best person to be trying to lead organisational change in Debian.

As an institution, ftpmaster has been very successful in establishing
and maintaining its own norms and culture. (It does help of course
that it is a tremendously powerful team, whose cooperation is needed
by almost every developer.)

This has upsides: I'm personally strongly aligned with ftpmaster's
primary goals, and very supportive of most of their controversial
decisions (especially, the ones about what counts as source code).

But: the difficulties we have with ftpmaster are very deep-rooted, and
not simply a lack of volunteers.

Ian.

--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.

Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Fri 02 Sep 2022 at 12:31PM +01, Ian Jackson wrote:

Sean Whitton writes ("Re: Comments on proposing NEW queue improvement (Re: Current NEW review process saps developer motivation"):

On Sat 27 Aug 2022 at 04:22PM +02, Vincent Bernat wrote:

It does not seem to work. Either people don't want to do that, either the FTP
team is too picky on the candidates.

Some combination of both, but I don't think I'm suffering from bias if I
say that it's at least 80% the former. Very few people who say they'd
like to be trained confirm they'd still like to once they've had a look
at the docs for trainees, and after that, hardly any do enough trainee
reviews for the other team members to feel confident they can let them
at it on their own.

I am in this picture. Some years ago now I volunteered. I was
introduced to the internal ftpmaster documentation and processes. At
the time, these documents were not even published - including,
astonishingly, some elements which read like a manifesto. (I don't
know if these documents are published nowadays.)

They're all published, unedited
(one of the first things I worked on when I got involved).

<https://salsa.debian.org/ftp-team/manpages/-/tree/master/doc>

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmMShDAZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQBcUEACEGI/OzoAx8kk8lqOvMxf6 j6wSynjv6spK8zc5GOBVotG8kMHpRg6MyWuTr4y1f0LYvK3bbFfbcbJ8Egf89POO rvSFhj95VazqXxd9plW681iLRYFiMngMDeKugp20w+CVqCWnczzfw1uxlvbEF7re OApAQ4kD6Tu21fyUBe0juslRyhj+Y8z01Uxkg9Xl1qvgDZglc1mr0oS4GzA6wY1N sMcxCz2QJFjs/NjZ2b46Wfo9z91smCYswln7zxR7tCpC47Jd9LVIGvjE3T/9T+FZ VO/0U/Q36jivXeJRQiKo/OfKz8POmpG0VTJBdkkhiIVZzLgVtPl7qNeWVlKRbyHY xsW9eR2Hmhkf6cloXHdret+GUjcSYmCKCOnh6Lv+S3DPZipFObdWA1cExl5Cd6hS 027nkKhVCjyfd3CoSk/utmuQpWpr5ljCxLUB98ZojDCRkQRkkLkvkhxsNELVU6TE l3mm40zoeJ6cNUxEyCMIglfoQqYhhjAJN41dGNF6oBMEDZw4WSpGUtKvj0hNjeFP Tbc+VYszYh00XEc2wYhUm0f0X/0OK/zF/X69qWMZuO82nP1AuZpGfdgyeckd4vuk 93J/kACSVP7WPclUAjMCr2RGw7uzUWb8YhbTHPf6BmT0XbY2wkH7BAHnrtm6n1iB lsU7UbjWh8CtsDB56W3Fhg=þxP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usen