[Pkg-rust-maintainers] Bug#945542: debcargo -- Randomly adds and removes binary packages

Ximin Luo infinity0 at debian.org
Tue Nov 26 22:25:51 GMT 2019 

Control: severity -1 normal

Bastian Blank:
> Package: debcargo
> Severity: serious
> 
> Hi Sylvestre
> 
> I'm filling this as bug now.  Please discuss this issue there.
> 
> I'm setting it to serious as several ftp team members told you not to do
> that.
> 
> On Thu, Oct 17, 2019 at 06:57:33PM +0200, Sylvestre Ledru wrote:
>> Le 17/10/2019 à 18:52, Ansgar a écrit :
>>> Sylvestre Ledru writes:
>>>> Moreover, the creation (or deletion) of new packages is automatically
>>>> managed by debcargo (our tooling).
>>> Why do you need to automatically create/remove binary packages?
>> Because it is the way it is managed in Rust packages. This is done to
>> express what
>> the package provides. For now, it has been working very well.
>>
>> But this isn't an issue specific to Rust. Having to go through NEW when it
>> is the same
>> source isn't a good use of our time and introduces some unnecessary latency
>> and frustration.
>>

The more precise reason, as I have explained many times already, is because the cargo package manager supports crates having optional dependencies. It is not feasible to automatically merge optional-dependency-sets together because it results in dependency loops that would not otherwise exist. It is not economically feasible to manually merge these sets together either, because it is boring and time-consuming work, error-prone (hard to manually tell if you did or did not introduce a cycle) and of questionable benefit.

I do not see any users complaining about this behaviour of our automatic tooling. We would be happy to work towards a patch on any Debian infrastructure to make these processes smoother. There is no reason why adding and removing empty metadata-only packages should require manual oversight, and if one is (and one should be) interested in automating the amount of manual work involved in maintaining Debian infrastructure, this is one obvious tedious task to automate away.

We are all volunteers, there is no "job security" here, why are we manually reviewing empty packages and we are we trying to conserve a process that involves manually reviewing empty packages?

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

More information about the Pkg-rust-maintainers mailing list