Debian Maintainers

To: debian-project@lists.debian.org
Subject: Debian Maintainers
From: Simon Huggins <huggie@earth.li>
Date: Thu, 31 May 2007 13:10:15 +0100
Message-id: <[🔎] 20070531121015.GS10193@paranoidfreak.co.uk>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 20070531083753.GA32124@azure.humbug.org.au>
References: <[🔎] 20070531083753.GA32124@azure.humbug.org.au>

On Thu, May 31, 2007 at 06:37:53PM +1000, Anthony Towns wrote:
> First, the "Debian Maintainers" concept
> [..]
> I think the process should involve:
> 	- automated application process

This shouldn't be tricky.
Some webpage where the applicant applies and then they point some developers
at a page so that they can recommend/advocate him to be a DM.  Very similar
to nm.debian.org advocate bits.

e.g. https://nm.debian.org/nmadvocate.php?email=hgjghj%40hotmail.com
(which I presume is a fake application for NM but still)

The applicant would provide their keyid, email, name etc.

I think technically this is easy but we need to define who can advocate and
how much contact with the potential DM is needed (see below).

> 	- as close as feasible to automated keyring maintenance

jetring exists and was pretty much designed with this in mind so this should
be easy.

The format for the changesets so far seems to be:

Changed-By: Anthony Towns <ajt@debian.org>
Comment: adding holger as debian-maintainer
Date: Mon, 26 Feb 2007 18:25:59 +1000
Advocates:
  ajt - http://lists.debian.org/debian-newmaint/2007/01/msg00037.html
  kaol - http://lists.debian.org/debian-newmaint/2007/01/msg00038.html
[..]
KeyCheck:
  Receiving and checking key
  pub   1024D/AC583520 2004-05-18
        Key fingerprint = 480E 51BA FB08 CB41 75CC  91B1 5072 D036 AC58 3520
  uid                  Holger Levsen <holger@layer-acht.org>
[..]
NM-Page: https://nm.debian.org/nmstatus.php?email=debian%40layer-acht.org
Action: import
Data:
  -----BEGIN PGP PUBLIC KEY BLOCK-----
[..]

> 	- minimal requirements: gpg keyring signed by either one or two
> 	  developers, recommendation by a developer,

We have keycheck.sh [0] already (and it's already used in the above
changeset).

I think we want some standardised form of recommendations from developers.

How about asking:
	You're receiving this mail because you said you would recommend:
	  Applicant: Joe Bloggs <joe.bloggs@example.org>
	to be a Debian Maintainer, that is to get a key in the DM keyring
	and be allowed to upload packages to the archive.  As this is a
	privileged position, we'd ask that you only recommend people who
	deserve it and that you take the time to fill out the questions
	below.

	Be sure to sign this mail with your GPG key.

	- Is the applicant in NM?
	- If yes, are you their AM?
	- Have you sponsored packages into the archive for this applicant
	  (if so describe the quality of the work and the amount/frequency
	  of contributions)?
	- Have you worked on a packaging team for this applicant (if so
	  describe the quality of the work and the amount/frequency of
	  contributions)?
	- Have you reviewed other work for this applicant (if so describe
	  it)?

The responses are easy to collate and would be sent to some debian mailing
list to form the Advocate: bit of the gpg changeset above.

>	  use of existing fields such as "Maintainer:" and "Uploaders:" to
>	  control access, no provision for uploaders to do NMUs or upload
>	  NEW packages etc

aj, you're probably best placed to talk about how easy it is to implement
the dak changes needed.

> 	- policies developed by consensus and implemented individually by
> 	  developers, in a similar manner to policies for sponsored
> 	  uploads at present, rather than an individual or group setting
> 	  policy or approving applications (like DAM or NEW processing)

It may be hard to come to an agreement on who qualifies but I'd suggest:
	- anyone who is all the way through NM (i.e. after the AM report has
	  been checked by Front Desk) and applies would qualify almost
	  automatically given they can get a couple of developers to sign
	  off the above recommendations.
	- anyone that is strongly recommended by at least 2 developers who
	  have sponsored in packages for the applicant should be allowed
	  into the DM keyring.
	- anyone that is strongly recommended by at least 2 developers who
	  have worked with the applicant on a packaging team and have seen
	  the quality of their commits should be allowed into the DM
	  keyring.
	- or some combination of the above.

Does there need to be a period of time for the work?  3 months of
sponsorship/working with the applicant?  Less?  We don't want to put people
off but we need to trust them to a certain extent.

If it were easy for, say, any 2 developers to get an applicant removed
from the DM keyring by sending signed messages in then it would be easy
to lower the bar to applicants.

I'm not sure about other work that might qualify.  Since we're only talking
about the ability to upload it seems to make sense to restrict the
qualification to packaging work.

Comments?

Simon.

[0] http://alioth.debian.org/plugins/scmcvs/cvsweb.php/templates/keycheck.sh?cvsroot=nm-templates

-- 
oOoOo  "1 girl was just abducted." - Mulder "Kidnapped." - Scully  oOoOo
 oOoOo                "Potato, potato.." - Mulder                 oOoOo
  oOoOo                                                          oOoOo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Debian Maintainers oup
  - From: "cobaco (aka Bart Cornelis)" <cobaco@linux.be>

References:
- Two GR concepts for dicussion
  - From: Anthony Towns <aj@azure.humbug.org.au>

Prev by Date: Re: Two GR concepts for dicussion
Next by Date: Re: Debian Maintainers oup
Previous by thread: Re: Two GR concepts for dicussion
Next by thread: Re: Debian Maintainers oup
Index(es):
- Date
- Thread