On 10.02.2016 21:32, Dimitri John Ledkov wrote:
> This does not abolish the MIR process. If a hard binary dependency is
> gained (e.g. shared linking), the binary and source package still must
> go through MIR process and be published in main.
So an existing app package gains a new (universe) dependency on libfoo-dev.
Builds fine, maybe migrates, and then image builds fail because of the libfoo1
component mismatch. Now you can either pre-promote the libfoo, or re-upload app
without the dependency (if that works). This probably will lead to more
pre-promotions, and looking at the current back-log of security related MIRs the
time between build and promotion will increase, making it probably harder to
revert such a change.
I'm a bit worried that we'll then have to chase people to subscribe teams to the
new packages, write the MIR, ... We'll save some time by not processing B-D only
MIRs, but I think for the remaining MIRs we'll have to spend more time.
We unfortunately already have some kind of "dput and forget" attitude with
packages staying in -proposed. This change maybe will foster an "pre-approve
and forget" attitude.
Matthias
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
