Expanding Universe and apt-get.org

Daniel Holbach dh at mailempfang.de
Thu Aug 11 09:46:53 CDT 2005


Hi everybody,

part of the ExpandingUniverse goal is importing as much reasonable
software from apt-get.org as possible. This is a worthwhile job, since
we

      * keep users from adding random repositories to
        their /etc/apt/sources.list,
      * stretch out our hands to other developers,
      * make Universe livelier.

The last import was quite chaotic and without the help of James Troup
and Martin Pitt, I wouldn't have succeeded at all.


So where do we go from here? How will Breezy be different? (All of the
following points are my opinion and suggestion for making it happen - if
you disagree, please reply to the list.)

Michael Vogt and I wrote python scripts, which are currently building
http://www.apt-get.org and drop reports onto our hard disk. (the scripts
can be found on http://ubuntu.gplan.info). Thank you very much Michael,
it was fun to work with you. You rock!

But building packages is not everything, we have to check packages for

     1. Sense - like "do we really want some ultra-experimental stuff in
        Breezy?"
     2. Security - like "check things like debian/post{rm,inst} and
        debian/pre{rm,inst}, SUID binaries, strange things in sbin/
        anything that makes you feel bad. Does it ship binaries?"
     3. Licensing - important - can we ship it?
     4. Packaging - how broken is it?
     5. Installability - does it work for you?

The current list can be found here: https://wiki.ubuntu.com/AptGetOrg

Please note: it's still work in progress and even after 1,4G of source
packages the build session is not finished yet. I will continue to add
repositories.


How do we organize it? I added six categories to each repository:

     1. FTBFS - does not build, but some can easily be made working
     2. need to be checked - package built, but that's it - refer to the
        check list
     3. insecure - you decided that package X is not includeable due to
        security issues
     4. no sense - explains it self :)
     5. license questionable 
     6. GO!

I hope we see a lot of reasonably checked packages in the GO! section
soon. James Troup will be able to sync from any distant place on earth
as long as he knows the source package name and deb-src line. If you
have to modify the package, please be sure to link to your debdiff. 

Please, never remove repositories, even after syncs were made. I want to
write notes to the package maintainer to report the inclusion of his
package.


Let's get things straight before we start. It will be big fun, since I
spotted already some packages which our users will love and which are
worth fixing. :-)

Have a nice day,
 Daniel


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20050811/b545dbfd/attachment.pgp


More information about the ubuntu-devel mailing list