• Automated uploading of packages?

    From David Given@21:1/5 to All on Mon Jul 18 20:30:01 2022
    I have a compiler suite --- the Amsterdam Compiler Kit --- which I'm
    thinking of packaging. Trouble is, it's a bit of a moving target as it
    doesn't have releases and there's a slow trickle of activity making
    changes. I could do a packaging for it and get it reviewed and uploaded,
    but then I'd have to do it again basically every month. This seems like a
    lot of work.

    What I'd much rather do is to get it packaged and reviewed *once*, and then
    set up automation which periodically compiles and uploads new versions from
    the git repository.

    At first glance this seems a bit problematic, as it would require
    uploading packages which haven't been reviewed by a human. I'd be relying
    on the automation to spot any potential problems. But, if the packaging's
    not changing --- which should be detectable --- I'm not sure that a human
    review adds much value. The codebase is huge and it'd be just as easy to
    slip something nefarious through a human review as it would with
    automated reviews.

    So, is there any way in which this could be done? Has anyone worked on
    tooling for it that they can point me at? Realistically it'd make the
    difference between getting this into Debian and having the .deb files
    distributed via PPA or as manual sideloads...


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
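    The gate the post relies on ("if the packaging's not changing, which should be detectable"), as an added example that is not part of the thread or of the ACK project: a POSIX shell check that hashes the reviewed debian/ directory and refuses an automated rebuild when that hash no longer matches the baseline recorded at review time. The baseline file and the debian/ layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Gate an automated rebuild/upload on
# the human-reviewed packaging (debian/) being byte-for-byte unchanged.
set -eu

# Hash every file under the packaging directory: path plus content, in a
# stable order, so an edited, added or removed file changes the result.
# (Content-based on purpose: timestamps from a fresh checkout must not
# trigger a false "changed".)
packaging_hash() {
    dir="$1"
    (cd "$dir" && find . -type f | LC_ALL=C sort | while read -r f; do
        printf '%s\n' "$f"
        cat "$f"
    done) | sha256sum | cut -d' ' -f1
}

# Returns 0 when the packaging matches the baseline hash written at review
# time (assumed file, one hex digest per line), 1 otherwise.
packaging_unchanged() {
    dir="$1"
    baseline="$2"
    [ "$(packaging_hash "$dir")" = "$(cat "$baseline")" ]
}

# Usage: ./gate.sh path/to/debian path/to/reviewed.sha256
# Exit status 1 blocks the automated build so a human has to look again.
if [ $# -eq 2 ]; then
    if packaging_unchanged "$1" "$2"; then
        echo "packaging unchanged: automated rebuild allowed"
    else
        echo "packaging changed since last review: needs a human" >&2
        exit 1
    fi
fi
```

    Record the baseline with `packaging_hash debian > reviewed.sha256` at the time of the reviewed upload; the check only covers the packaging, so upstream source changes still pass through it, which is exactly the gap the reply below warns about.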
  • From Andrey Rahmatullin@21:1/5 to David Given on Mon Jul 18 21:50:01 2022
    On Mon, Jul 18, 2022 at 08:25:05PM +0200, David Given wrote:
    > At first glance this seems a bit problematic, as it would require
    > uploading packages which haven't been reviewed by a human. I'd be relying
    > on the automation to spot any potential problems. But, if the packaging's
    > not changing --- which should be detectable --- I'm not sure that a human
    > review adds much value.
    Ideally, though I have no idea how often this happens in practice, you
    should actually test your package manually before uploading it.

    --
    WBR, wRAR
