[Repositories-devel] Re: repositories.alioth.debian.org

Joel Baker fenton@debian.org
Fri, 17 Oct 2003 13:16:47 -0600 

--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 17, 2003 at 03:28:10PM +0100, Mark Howard wrote:
> The main development work I think needs doing for the project includes:
> - checking gpg signatures. Ability to specify keyrings per repository
>   (e.g. so some repositories can include NMs).

This is already functional in debpool; the GnuPG module has the core code
which handles this (and you are, of course, welcome to either steal it, or
make requests for development, whichever you find more suitable).

> - Improving archive generation. AFAIK, mini-dinstall has a number of
>   flaws, including not deleting old files. You probably all know more
>   about this than me at the moment. Note: I chose mini-dinstall because
>   it was the easiest thing I knew of at the time. The project is
>   certainly not tied to it forever.

I'm not *entirely* satisified with how debpool does this right now;
basically, it goes through the pool area, and checks the version on every
file (as encoded in the filename) against it's list of known versions (in
various distributions). If it doesn't find it anywhere, it assumes that
it's a stale/outdated file, and removes it.

Future wishlist things include potentially handling an explicit delete
request on a version, and an automated delete-on-newer-package logic,
which would turn the version-checker into something that produced warnings
instead of deletions, and only ran as a consistancy check.

> - Upload announcements, web pages showing new uploads for each project.

Hmmm. I see a new feature for my TODO list. :)

> - Package browser for each project similar to packages.d.o

This one, I don't know if I can help much with.

> - Lint tests on new packages

This would probably fall out of the announcements, above (or, rather,
announcements would probably fall out of this); hooks come to mind.

> - Require repository manager approval for NEW uploads.=20

Not currently implemented, entirely possible (even fairly easy) to handle.

> - (hard) Automatic building of packages.

See 'hooks', above. Though the concept of a hook which replaced the
packages involved would be... interesting. Is there a reason the current
autobuilder daemons can't do this, however? If so, what are the constraints
involved?

See above; even if you don't use debpool at any point, you're quite
welcome to crib from the code for things that are already working.
--=20
Joel Baker <fenton@debian.org>                                        ,''`.
Debian GNU NetBSD/i386 porter                                        : :' :
                                                                     `. `'
				                                       `-

--zhXaljGHf11kAtnf
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/kEAflZCPwGNtWe4RAuxrAKCWHhghEFUR+22+6vavdvIP4QUkTACZAXJO
pmhRHIe2AShvsSnNZLEcZDA=
=Db8J
-----END PGP SIGNATURE-----

--zhXaljGHf11kAtnf--