Davide Inglima | 19 Feb 15:58 2003

Re: Doom of Debian Re: Debian Weekly News - February 18th, 2003

Sean Hunter wrote:
> On Tue, Feb 18, 2003 at 11:02:36PM +0100, Davide Inglima wrote:
>> Martin Schulze wrote:

>> While Anthony's proposal of "Reviewing all upstream changes" makes sense on 
>> a security standpoint, it will put the necessary strain to Debian to 
>> self-destruct the distribution. 

> Right.  There are some who believe that the strength of open source lies
> in ubiquitous peer review.  Debian (and open source software in general)
> can _only_ benefit from more review, and upstream authors might actually
> pull their socks up and improve their code if they knew other's would
> read the diffs.

See later.

>> There already are problems to port 6000+ 
>> packages on (how many? 7? 11?) different architectures, this harmful easter 
>> egg could be the drop that tops off the distribution. I have already begun 
>> to see growing disaffection to GNU/Linux by former enthusiast people, and 
>> this can simply spell the final doom on the credibility of open-source.

> This is utter nonsense.  The point of Debian is not to have gazillions
> of k3wl packages.  The point is to have software that works well.

Ok, that's a good point, but at the moment Debian boasts something like:

"Debian GNU/Linux provides more than a pure OS: it comes with more than 8710 
packages, precompiled software bundled up in a nice format for easy installation 
on your machine."

This is on w.d.o main page... and if I go to the installation manual


I can see something like 11 architectures supported by the current distribution.
If I open aptitude or dselect or browse the list of packages, I can see
gazillions of k3wl packages which are old and many times don't work well, or 
come without documentation, for gazillions of architectures

> In other words Open source gains credibility from quality.  Quality comes
> from rigourous peer evaluation.  This is a key difference with closed
> source and is one of the unique selling points of open source.  People
> review the code.

> I personally don't give a shit whether micq is in Debian.  I do care
> about the fact that maintainers are simply accepting patches into
> packages I do use without reviewing them.  That lowers quality and leads
> to lack of credibility.

And nobody was contesting that.

I was only trying to state that:

1) Debian is already a huge project, maybe really bigger than the needed, with
    many packages with pending bugs from 200+ days, and many other packages
    that don't fit the (complex) debian policy

2) becoming a Debian mantainer is already a complex and time-consuming process:
    if you put on top of all the complexities of mantaining a single packages the
    right NEED of peer-reviewing _every_ _single_ _line_ of diff that comes
    from upstream from version to version of any single software package, then,
    you add other strain to an already burdened distribution.

3) either [1] Debian has the guts to cut the number of packages that it ships,
    or the Debian mantainers become part of the upstream package devteam for
    any single package they mantain, or, simply put, the distribution will be

[1] This is all IMO and in my flacky ability of reading in the crystal sphere.


                               Davide Inglima
          "The question of whether computers can think is like the"
        "question of whether submarines can swim." -- Edsgar Dijkstra
                  mailto:inglima.davide <at> educ.di.unito.it
					  mailto:hadesnebula <at> libero.it