Comment 8 for bug 1063469

Revision history for this message
Rogério Theodoro de Brito (rbrito) wrote : Re: [Bug 1063469] Re: Disable --update option

Hi.

On Thu, Nov 7, 2013 at 7:34 PM, TomasHnyk <email address hidden> wrote:
> I do not understand this. First, it should be fix released for non-
> specific version of ubuntu as I cannot update in Saucy.

You can usually grab the newest versions of youtube-dl from Debian
unstable, as that is where I'm doing my job. I think that I can set up
something (say a reminder) to ask Ubuntu to sync from Debian every
time that I upload a new version.

I plan on uploading one this weekend by the way.

> Second, there is nothing automatic about this. The user must explicitly
> download a new version (and even provide the password). If he does not
> trust it, he should not do that.
>
> Would not an explicit warning be better then just removing the option?
>
> i.e.:
> 1) sudo youtube-dl -U
> 2) there is no way to know that youtube-dl is not evil, do you know what you are doing? yes/no

In my Debian packages, I don't consider the option of removing the
update, as it is, exactly as you say, a strictly voluntary option of
the user.

I consider this the equivalent of removing the option of the user to
download python packages via pip, perl packages via cpan, node.js
packages via npm, eclipse extensions etc.

So, as long as I maintain youtube-dl in Debian, the Debian package
won't be patched and will be as similar to upstream as possible (and,
in fact, I have avoided patching youtube-dl in Debian and submitted my
changes upstream directly *before* I incorporated them in Debian).

> This just means that youtube-dl gets useless early (or even before) the
> distribution is released as I do not think it qualifies for a SRU. Then
> the users must download the software from upstream defeating the purpose
> of a distribution.

Indeed. This kind of software is a moving target. See my long comments
on Debian's NEWS file regarding the changes in Youtube's provision of
videos with audio and video in separate. The next upload that I do
will have fixes for vimeo, as they have changed things.

In other words, web scrapers consist of a class of packages that don't
really qualify for an long term release. The same thing happens with
browsers, but a big browser is simply a very large program, while the
program that I package is a small one that people can even opt to not
ship in a release.

What do all the big browsers and the web scrapers have in common? They
manipulate changing code provided by 3rd parties.

Regards,

--
Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFCAAAA
http://cynic.cc/blog/ : github.com/rbrito : profiles.google.com/rbrito
DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br