
Re: Multi-person sponsorship



Matthew Palmer <mpalmer@debian.org> writes:

> On Thu, Feb 19, 2004 at 01:05:08PM -0500, Joey Hess wrote:
> > Matthew Palmer wrote:
> > > > package I sponsor. I want to know if they are not able to send me a
> > > > package that will build properly. I want to work with them and be
> > > 
> > > Since you only get packages for sponsorship which have built in a clean sid
> > > chroot out of my system, you can be fairly sure of that.
> > 
> > As you've described the system, it sounds like my sponsee could make
> > several iterations with bad unbuildable packages before it is ever made
> > available to me to look at. This is what I want to avoid; if they are not
> > competent to upload a buildable package the first time, I want to know
> > that.
> 
> Noted.  An upload history per-person would address that point to some
> degree.

Just keep the buildd logs.
 
> > > I'm interested in how many of your sponsees do you know are/aren't doing,
> > > say, QA work quietly, or working on d-i, or doing bug triage?  I know that
> > > at least one person I'm sponsoring isn't doing anything on anything else,
> > > because I used to work with him, but apart from that, the people whose
> > > packages I've sponsored could be working towards becoming DPL and I'd hardly
> > > know.  Should I know these things?  Do you think that a good sponsor should
> > > be doing these things, or that it's useful in the general case for a sponsor
> > > to know all of a sponsee's other activities?
> > 
> > I use filtering and scoring to keep track of such things reasonably
> > well. Unless they're sending patches to maintainers via private email or
> > something, I am likely to see anything they do in debian.
> 
> Do you think that is a recommended activity for sponsors in general, or do
> you do it more for personal curiosity?
> 
> > > > (I'd also like to see AMs making more use of this information. If I've
> > > > advocated someone, I can tell you what parts of T&S they have already,
> > > > IMHO, passed.)
> > > 
> > > If you put that information into an advocacy report, does the AM ignore it,
> > > or are they not supposed to take other people's experiences into account? 
> > > (That seems odd, considering that some NMs get their AMs switched on them).
> > 
> > I didn't know we had advocacy reports, doesn't the current system only
> > let you enter their email address?
> 
> From memory (and this may have changed subsequently), after you say "yes I
> want to advocate this NM candidate", you get an e-mail saying "please fill
> in here why you advocate this person, and send it GPG signed back to us".  I
> presume the comments in there would go into the NM's file.
> 
> > > > (I also hope that nobody roots your autobuilder.)
> > > 
> > > I'm not keen on ever providing the .debs that come out of the autobuilder. 
> > 
> > Beside the point. Inside the autobuilder, you are running possibly
> > untrusted code. It's only a local exploit away from running as root, at
> 
> Yes, I did miss your point.  Thank you for pointing it out.
> 
> Now, does the autobuilder get moved to another machine, or do I just put on
> my scary face when adding people to the authorised uploaders list?  <grin>

If you are using i386: umlbuilder

That way you need an uml exploit and a root exploit to use the uml
exploit.

MfG
        Goswin


