Anthony Towns <aj@azure.humbug.org.au> writes: > 1) A new keyring will be created, called the "Debian maintainers keyring". > It will be initially maintained in alioth subversion using the jetring > tool, with commit priveleges initially assigned to: > > * the Debian Account Managers (Joerg Jaspert, James Troup) > * the New-maintainer Front Desk (Christoph Berg, Marc Brockschmidt, > Brian Nelson) *cough* It would have been nice to inform people that you are planning to involve them in something like this :) > 2) The initial policy for an individual to be included in the keyring > will be: [...] > * that at least one Debian developer (preferable more) is willing > to advocate for the applicant's inclusion, in particular to the > fact that the applicant is technically competent and good to work > with. I would like to change this to "at least two", simply because I believe that this shouldn't be an actual problem for active maintainers. > 3) The initial policy for removals for the keyring will be under any of the > following circumstances: > > * the individual has become a Debian developer > * the individual has not annually reconfirmed their interest > * multiple Debian developers have requested the individual's > removal for non-spurious reasons; eg, due to problematic > uploads, unfixed bugs, or being unreasonably difficult to > work with. This part is broken and shouldn't end up in a final proposal. We need to decide on actual rules, otherwise this can lead to endless flamewars. > 5) The intial policy for the use of the Debian Maintainer keyring with the > Debian archive will be to accept uploads signed by a key in that keyring > provided: [...] I'm not too happy with this part. My idea was always to allow people upload rights for individual packages that have been checked once by a full DD - and even that doesn't make me happy. In general, there is a (not really small) number of DDs who sponsor crappy packages on a regular basis, simply because they don't know better. The number of RC bugs in such packages is quite high and often the packaging is not more than copying stuff from the DESTDIR of a make install to debian/$packagename. I agree that some software doesn't need more work, but a majority of packages could be improved a lot. The average (in)competence of DDs is what makes me believe that non-DDs shouldn't get to upload whatever software they would like to package. Ganneff has done a great job of doing QA in the NEW queue, but I don't want to rely on that. He is overworked anyway, the rest of the ftp-team doesn't really help with NEW processing and the number of packages waiting for manual actions usually doesn't help to do thorough individual QA checks. Call me bitter, I call it release team experience. Anyway, something more constructive: I think that from a QA point of view, allowing DMs to only upload packages that were once checked by some trustworthy person is a lot better than your proposal. Marc -- BOFH #229: wrong polarity of neutron flow
Attachment:
pgpTheZk0L6TQ.pgp
Description: PGP signature