Re: Reforming the NM process
On 12 Apr 2006, Panu Kalliokoski said:
> (Please CC me on replies as I'm not subscribing the list.)
If you set Mail-Folllowup-To: atehwa@sange.fi, you would be
assured of such a CC from my MUA. I often do not catch such requests
in the body of the mail.
> The central problem and the only justification for the current
> procedures is that of establishing trust. I just fail to see why we
> trust our packagers _less_ than the upstreams they are packaging
> for.
We don't. Every package I have packaged, I have skimmed
through the source code (needed anyway to assure myself I can help
fix bugs and aid in development), and run the application is a
secure, highly audited sandbox, and onlyu then do I upload. I know
od at least one package that is not packaged since we do not trust
the upstream.
> I doubt many of those pieces of software ever receive the close
> scrutiny that the packaging work does.
This should not be true.
>
> Furthermore, it seems unfair that NM's have more stringent
> requirements than existing DD's.
Presumably, since DD's have passsed NM P&P at some point.
> For instance, for voting, I think the process of establishing the
> identity of one's PGP key should be enough. If Debian wants to
> continue as a technical meritocracy, the votes could be weighed with
> the "amount of contribution" that person has done for Debian.
The weights, currently, are 0, and 1.0.
manoj
--
In Mexico we have a word for sushi: bait. Josi Simon
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: