From: Sam Kuper
Newsgroups: linux.debian.maint.java
Subject: Re: List of consultants focusing on Debian packaging for Java?
Date: Mon, 07 Dec 2020 18:30:01 +0100
List-Archive: https://lists.debian.org/msgid-search/20201207172616.25p4yic7i7w64l5r@posteo.net

On Mon, Dec 07, 2020 at 02:26:01PM +0100, Hans-Christoph Steiner wrote:
> Third party package repositories are a thing, like Ubuntu PPAs, aptly,
> JFrog Debian Repositories, etc. Unfortunately, due to Debian Apt's
> design, that means giving root access to each repository (package
> pre-install/remove/etc scripts are run as root). So installing via
> external repositories means the user needs to consider whether they
> trust those third party repositories with root access.

It isn't entirely unfortunate.

Users, and especially system administrators, ought to be minimally
trusting of external resources. The TCB must be kept small, or security
is an illusion.

Apt's design, IMO, encourages people to think twice - and ideally to
stop themselves - before they install software. Especially software
from outside Main, and *especially* software from outside Debian.

Put differently: yes, third party package repositories are a thing. But
they are mostly not a good thing, and they should probably not be
encouraged.

Far, far better for the OP to keep the focus on getting OpenRefine into
Debian properly, rather than to consider expending time and resources on
less beneficial outcomes.

(BTW, Hans-Christoph, I think you were, above, trying to point out
pitfalls of third party repositories; not trying to encourage their use.
So, my email is not intended as a dig at you at all. I just wanted to
point out that Apt's design is in many ways something to be glad about.
I am grateful to the Apt developers and to responsible Debian packagers
everywhere, and I would be happy for this gratitude to one day also
extend to whoever ends up packaging OpenRefine for Debian.)

-- 
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
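
The trust question raised in this message can be audited on an existing system. The following is an added example, not part of the email or of any Debian tool: it lists APT source entries served from outside *.debian.org, and marks entries that use `[trusted=yes]`, which turns off signature verification. The function names and the sample entries are constructed for illustration, and only one-line-style `sources.list` entries are handled (not deb822 `.sources` files).

```shell
#!/bin/sh
# Added example: every host printed here is a repository whose maintainer
# scripts would run as root on this machine when its packages are installed.

# Constructed sample input (hypothetical hosts, not taken from the email).
sample_sources() {
    cat <<'EOF'
# official archive
deb http://deb.debian.org/debian bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://repo.example.com/apt stable main
deb [trusted=yes] http://packages.example.net/debian ./
deb-src https://notdebian.org/debian sid main
EOF
}

# Reads one-line-style entries on stdin, prints "host suite [flag]" for
# every entry whose host is not debian.org or a subdomain of it.
third_party_sources() {
    awk '
    $1 != "deb" && $1 != "deb-src" { next }   # skips comments, blanks, junk
    {
        i = 2; opts = ""
        # The optional [key=value ...] block may span several fields.
        if ($i ~ /^\[/) {
            while (i <= NF) {
                opts = opts " " $i
                if ($i ~ /\]$/) { i++; break }
                i++
            }
        }
        host = $i; suite = $(i + 1)
        sub("^[a-z+]+://", "", host)   # strip scheme
        sub("^[^/@]*@", "", host)      # strip userinfo, if any
        sub("[/:].*$", "", host)       # strip port and path
        # Anchored match, so a lookalike such as notdebian.org is reported.
        if (host ~ /(^|\.)debian\.org$/) next
        flag = (opts ~ /trusted=yes/) ? " UNVERIFIED(trusted=yes)" : ""
        print host " " suite flag
    }'
}

sample_sources | third_party_sources
```

On a real system the input would be `cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list`.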