I think this approach will be to messy, specially when the uploaded file are
libs.
other people might start using the libs as dependency and there we have a big
problem. ".deb" without sources.

I would suggest to use a tool like the oe/mud-builder to create recipes
and let "core" maintainer build binaries/do QA.

Libraries do not need to be uploaded that way if they are too complex. They
could follow the current route. 

But for normal apps, the web upload method would be much easier. If the
application needs to contain sources, then maybe the upload file should be a
capsulated zip with sources in one dir and the application at root level deb.

Comment 3 Quim Gil 2007-06-19 06:54:14 UTC

Added to http://maemo.org/intro/roadmap.html (Wishlist - Development). It would
be good to i.e. create a wiki page in order to keep an updated version of the
agreed request. We all agree on the problem but as far as I see there are
different ideas on how to solve it.

I think the dput is nice and easy way to upload packages (with or without
sources) to repositories. It wouldn't hurt to have a web form too, but keep the
dput still.

I know it has been discussed somewhere, but I think a stable and unstable
repositories would be useful. Everybody could upload to unstable, but the
package should go through some procedure (e.g. community voting) to get to the
stable. This would include all updates (i.e. only stable major releases should
try to apply to stable). A stable release means that, in addition to stable
behaviour, it works with all other packages fluently.

The stable repository must be stable enough that I could add it to my non-tech
friend's tablet without him breaking it later with upgrades.

I backup Kulve on that but dput should work on non debian installs (from within
the sbox!!!)


We need to discuss this somewhere I don't know where. There is an other point
we discussed on irc:

When I upload a new package I usually don't know on what platforms it will run
I am not sure the packaging is 100% oke (perhaps I am missing some deps>).
I guess that I want users to test. The basic flow for me would be to assume the
package is working (add it to all the repos) and based on feedback disable
packages. BTW I would create different packages for the different platforms...

the question how can we handle this flow

1)bleeding edge testing repo
2)make it possible to remove package from the repo's (bad idea??)

Moving to repositories component.

One reason for the web form is for example that I haven't found any dput nor
debsign -componets for OSX. If there are such, please let me know.

Of course, the natural question is: why develop on OSX in the first place?
Well, it's really easy to do python development on osx or windows and at the
moment, the only thing that would REQUIRE linux is to have access to the dput
and debsign commands. 

Considering that the current email that I got from garage instructing upload to
extras repo admits that the process looks complicated, would it not make sense
to also allow an easier way to upload to extras for the newbies?

I concur with the sentiment expressed here that we need either

1) a platform-independent way to upload packages, or
2) sign/upload functionality built into SDK.

I guess 2) would be harder because PGP/ssh keys a stored in the home directory
of the host user account. But, perhaps, manually copying them to SDK directory
will do the trick. I have just filed another upload bug #2813 regarding the
same issues. This is very frustrating. My hope is that we can somehow solve
this problem working together.

Hello 3rdshift

at least you have managed to upload from a non debian distro.
Makeing that possible again would be just fine by me!

Comment 10 Niels Breet 2008-04-28 13:05:58 UTC

There now is an assistant[1] that helps a new developer with requesting upload
rights and a way to upload (via browser) properly signed source packages to the
autobuilder.

The assistant checks if the file are signed properly and if their md5sums
match.

The assistant is still very basic and improvement ideas are welcome.

We still need to work out how we can help users with signing of packages. I
don't like the idea of uploading the private key to the webinterface. Any
solutions?

[1] https://garage.maemo.org/extras-assistant/index.php

Do we need to even sign the packages? If Nokia has the trace of who uploaded
and what, there could be a generic key to make the signature if it's uploaded
from a web form. This would make it so easy for the 'smalltime' developers such
as me. I've quite sure we would be getting a lot more packages to the extras if
the upload was as easy as using a web form. I don't mean replace the current
one, but just add another alternative to uploading to the repo.

You can also use PyPackager to build your package and upload it directly from
your tablet to extras or extras-devel.

http://khertan.net/

Comment 13 Quim Gil 2008-07-19 15:38:31 UTC

We have a whole new process for uploading packages to extras.

Solved? Fixed? Obsolete?

Comment 14 Ryan Abel 2008-07-19 23:22:12 UTC

(In reply to comment #13)
> We have a whole new process for uploading packages to extras.
> 
> Solved? Fixed? Obsolete?
> 

This one seems fixed, Niels may want to wait until everything is completely
up-to-speed, though.

Comment 15 Quim Gil 2008-07-20 00:35:05 UTC

Proposing fixed with 4.1+ milestone.

If you are suggesting that the assistant in here:
https://garage.maemo.org/extras-assistant/index.php

makes it any easier that it has been before, well, it doesn't. 

Khertans tool would actually make it easier if it had the debsigning and
uploading in place. 

I still do not have debsign -k<key_id> <package>.changes
in windows or osx. I need to use linux to do it. When I have the debsigned
file, the upload is just one more command on the command line. The hard part
for example for people who have made themes with theme maker is getting the
thing signed. What I would appreciate is that maemo.org would also support
maemo.org hosted (and generated) keys. Then the current web tool could just
accept any debian package sign it and upload it to the extras. User has anyway
been authenticated with the username/password, so doing the signing server side
is not that much more to do. 

Anyway, just my 2 cents. 

I'll talk to khertan to get a better upload support to the pypackager (or
perhaps make an debian upload tool to maemo to go alongside it). I think it's
going to be easier for all of us. 

Resolving as fixed.