Re: making sponsorship easier and make (love && (!war))
>>>>> " " == Peter Novodvorsky <firstname.lastname@example.org> writes:
> Hello Debian-brothers and Debian-sisters! I'd like to make a
> proposal that suggests alternative to new-maintainer process:
> I'm writing a software named Sponsoring Build Daemon. It is
> aimed to help process of sponsoring for developer-sponsor.
> ---------- Package | SBD | Creator ---> | Incoming | -> (1) -->
> Ofic. Developer's Checks | Queue | | ---------- \ / ---------
> Debian Incoming Queue ------
> (1) This is where SBD makes his work. SBD takes files from
> incoming, checks signature of .changes file if it came from
> creator of package, builds it, checks if it is installable,
> lintians it (most common errors). If error appears, SBD mails
> log to package creator, In other case it moves compiled
> packages to developer's directory where he makes final checks,
> that couldn't be found with lintian. If everything is alright,
> he signs dsc and changes files and uploads to debian incoming
Compiling probably drains a lot of cpu time. On binary uploads let
lintian run first. Saves some cycles.
Secondly, if theres a large queue building up, give points for every
failed upload (like one for every error lintian produces and every
error make spits out or depending on how much cpu time it took to
fail) and reorder the queue by those points, lowest first.
If the queue gets long, people wasting time by uploading broken
packages will allways be at the end.
> I think it's clear. It should improve sponsoring process and
> make it faster. The only disadvantage I saw while not being
> debian developer is slow sponsoring process.
> As you see from scheme, developer's checks are necessary and
> developer using this software must be careful. Maybe we can
> make some sponsoring committee...
I like the idea of a sponsoring queue. The queue could first inform
the sponsor who did the last upload and 24h laters put it onto the
public list. Anyone willing to sponsor stuff can then request a job
from the queue.
I don't like the idea of a programm signing the uploads (or did I get
your wrong there). Also the queue should never accept Packages that
are not maintained by the sender, esspecially packages that are
maintained by a full maintainer, so no joker wastes time by puting a
trojan xfree on the queue. Maybe some loose gpg key exchange, meaning
without the lengthy process of the NM, should be used to validate