Re: (Unofficial) wireguard packages for Debian Stretch (testing)

Development discussion of WireGuard
 help / color / mirror / Atom feed

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: David Anderson <dave@natulte.net>, wireguard@lists.zx2c4.com
Subject: Re: (Unofficial) wireguard packages for Debian Stretch (testing)
Date: Sun, 12 Feb 2017 18:01:34 -0500	[thread overview]
Message-ID: <874lzzqai9.fsf@alice.fifthhorseman.net> (raw)
In-Reply-To: <CAMx+r7WsvfJ6j7JT9+Z5mNe=FEFwehTVNgX+7-8vnQMa5FxORg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2229 bytes --]

On Fri 2017-02-10 19:23:50 -0500, David Anderson wrote:
> In case it's of use to anyone, I've built wireguard packages for Debian
> testing. I wanted to play with wireguard on my Debian Stretch systems, but
> wireguard is currently locked to Sid only until 1.0 brings API stability
> guarantees.
>
> So, I set up a cronjob that rebuilds the Sid source package on a Stretch
> system, and the result is wireguard packages that track the latest release,
> but don't pull in unstable versions of libc and whatnot when you try to
> install them, as would happen if you tried to install via package pinning.
>
> Naturally, you have only my word that the packages are unmodified rebuilds
> of Debian's original package, and you're trusting packagecloud to not
> tamper with the packages (it's their signing keys, not mine) so caveat
> emptor. It works for me, it might work for you as well.
>
> With the warnings and disclaimers out of the way, here's the repo:
> https://packagecloud.io/danderson/wireguard?filter=debs

I appreciate your interest in getting wider distribution for wireguard,
David, but i'm not convinced this approach makes much sense.

It seems like a lot of extra work compared to just putting wireguard
into stretch-backports once stretch is released.

Until stretch releases, people running testing should be able to just
add the unstable repository and pin it to be lower priority than testing
(see apt_preferences(5)).

Using this standard approach, users won't need to:

 a) add a new key to their apt configuration, which increases the attack
    surface for all installed packages (btw, the proposed shell pipe
    into "apt-key add -" is deprecated, see for example commentary at
    https://bugs.debian.org/853858)
 
 b) be dependent on some alternate suite of build daemons -- if debian
    supports your build environment, the buildds will have the wireguard
    packages.

So I don't see much to recommend the proposed approach by comparison,
and i don't think that it should be documented as a recommended approach
upstream, unless there are clearer benefits that i'm missing here.  In
that case, i'd like to know what those benefits are :)

         --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

next prev parent reply	other threads:[~2017-02-12 22:47 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-11  0:23 David Anderson
2017-02-11  9:03 ` Jason A. Donenfeld
2017-02-11  9:49   ` David Anderson
2017-02-11 10:04     ` Jason A. Donenfeld
2017-02-11 10:15       ` David Anderson
2017-02-11 10:17         ` Jason A. Donenfeld
2017-02-11 11:48           ` David Anderson
2017-02-11 13:28             ` Jason A. Donenfeld
2017-02-11 16:27             ` Baptiste Jonglez
2017-02-11 21:38               ` David Anderson
2017-02-11 12:32     ` Jason A. Donenfeld
2017-02-11 21:36       ` David Anderson
2017-02-12  2:40         ` David Anderson
2017-02-12 13:42           ` Jason A. Donenfeld
2017-02-12 23:01 ` Daniel Kahn Gillmor [this message]
2017-02-12 23:37   ` Jason A. Donenfeld
2017-02-14  4:55   ` David Anderson
2017-02-14 15:50     ` Daniel Kahn Gillmor
2017-02-15 21:31       ` Baptiste Jonglez
2017-02-17  2:46         ` Daniel Kahn Gillmor
2017-02-17  8:15           ` Baptiste Jonglez
2017-02-17 13:32             ` Jason A. Donenfeld
2017-02-17  3:14       ` David Anderson
2017-02-17 19:49         ` Daniel Kahn Gillmor
2017-02-20 23:53           ` David Anderson
2017-02-21  0:53             ` Ibrahim Tachijian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=874lzzqai9.fsf@alice.fifthhorseman.net \
    --to=dkg@fifthhorseman.net \
    --cc=dave@natulte.net \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).