Hi, following the various "Bits from $foo" this is a small mail to summarize whats up with "the DAMs". Before anything else in this mail let us take the opportunity to say thanks to all the Application Managers[1] and the members of the Frontdesk out there doing the hard work. Without you the whole process wouldn't work. Topics in this mail: 1. Introduction of the new DAM member 2. IRC-Channel 3. DAM-rules 4. Emeritus (ex-Developer) Handling 5. Handling of MiA-Maintainers 6. Summary 1. Introduction of the new DAM member ------------------------------------- First a small intro for all the people not knowing me: I'm a Debian Developer since 16 April 2002, doing work for the New Maintainers Process[2] since 22 June 2002. Since then I helped a lot of people through the NM process, helped some to stay out, maintained some packages and tried to be a bit visible on IRC. At the end of 2004 I was appointed as a second DAM[3]. That much for the background. I'm now actively working on reducing the backlog of the DAM-queue and already got around half[4] of it processed. Looking at the time I needed for it, we can estimate that the queue-size will be less than 10 somewhere at the beginning of March. (Not a guarantee or promise, just a thing we try to do). 2. IRC-Channel -------------- If you, as a AM or NM, ever have question around the whole process, either ask them on the -newmaint list, or join #debian-newmaint on irc.debian.org and ask there. 3. DAM-rules ------------ To give the DAM-stage in the process a bit more "openness", we list some of the usual procedures we follow, that are important for you to know as an AM/NM. - We wont accept[5] applicants who have only one signature on their GPG-key if that signature is made by the advocate. If it has only a signature from the advocate at least another one from the web-of-trust is needed. Not neccessarly a DD to sign the key, any other well-connected key is sufficient. Applicants will be put on hold until this is fixed, but it shouldn't last too long. This is to avoid theoretical things against us/the applicants, that they are "faked" by the advocate, by providing one or more other signatures from different people. - Also not accepted are people without traceable actions for Debian. Examples of this include - having only one package in the archive, with only one upload, - packages with dead upstream and no visible changes in Debian either, - a poor or non-existent handling of their bugs for the package(s). In simple words: No work done - no account. (Actually one shouldn't apply without having done some work and anyone who does is held by Frontdesk nowadays, but with the backlog we have it could get to this situation). Applicants will be put on hold for 3 months to allow them to change this. After 3 months the application will be reviewed and either accepted or soft-rejected[6]. For the timeframe for such a soft-reject - we will use 3 months. After that they can re-apply, if they've done something more for Debian in the meantime, normal NM follows. - There are a few applicants that were approved by their AM, but don't look ready for their account to us since things may have changed between the AM approving the applicant and us actually looking at the report. In this case one of us will inform the applicant and ask Frontdesk for a check of whatever we didn't like. This can either happen immediatly[7] or after 3 or 6 months (the application is set on hold for that time). Worst case could be a soft-reject similar to above. 4. Emeritus (ex-Developer) Handling ----------------------------------- So much for people going through the New Maintainer Process. But that's not everything which is up to the DAMs to do. There are also these people which have their pgp or gpg key in the emeritus keyring. Which means: Developers who left the project following the normal rules to leave.[8] Up to now we simply added them back, reactivating their account if they asked for it, as described in a mail[9] from James Troup in May 2003. For various reasons we're no longer entirely happy with this, so here is the new way of handling this: - The new contact point for returning developers is da-manager@d.o. People mailing keyring-maint@d.o will be redirected there. - Joerg[10] then goes and does a small NM check with them. It is NOT a fullblown check like what is done with completly new maintainers. In fact it is about 20 questions around P&P and T&S, to make sure the most important parts are still known to the returning developer before they get the account back. They also need to prove that they still control the GPG/PGP key associated with the account. Or a proof of Identify on a new gpg key, of at least two signatures from other Developers. - After this is successfully finished the account will be re-activated. Rationale: We ask every NM a whole bunch of questions and ask them to do various things to be sure they know what they do if they get their accounts. Why should anyone, who left the project maybe years ago, not have at least a small check, to see if they still know the basics. After all they get the same rights as every other Developer who is either constantly doing work or who went through the whole NM process. And if one left for a long time they may not be so up2date to the actual way Debian (and packaging) works. 5. Handling of MiA-Maintainers ------------------------------ We've also decided to do a more regular (about two or three times a year) MIA-check to have a cleaner view of who is actually a Developer. The rules are similar to the ones from the last run, but detailed below to have it all at one point. The list of developers to consider in a run is built out of - has no package in the archive and wasn't seen in the last 6 month with a signed mail by echolon, - or we got a notice from the MIA-team that they decided to orphan the packages of the maintainer due to inactivity/unresponsiveness/whatever. All developers in that list will get a mail, with a short notice what we intend to do, and 2 months of time to answer to this one. Mail bounces or no reaction will get the account 'disabled'. Replies asking to leave will get the 'emeritus' state, replies stating one is active need a reason why there is no activity seen and then get out of that list. The 'emeritus' state is for people who voluntarily retire. Their accounts are locked and their keys are moved to a separate keyring. Their email will continue to work for 6 months. They lose vote, upload and -private reading privileges. The 'disabled' state is for people who don't respond to maintainer pings, their email bounces, or whatever - basically someone who's MIA. Things are the same as 'emeritus', except their email won't continue to work. After a year in this state the accounts will be purged[11] and will be available for reuse. There is also a special state 'memorial' which is used for accounts that are disabled but which we don't want reused to avoid confusion (at best), e.g. with developers who've passed away. People in 'emeritus' can get their account back following the guidelines explained in paragraph 4. People in 'disabled' need to go through NM again, but if their account is still available then, they can request in NM to get that one back. 6. Summary ---------- For a short summary: DAM is now constantly working, approving people, giving out accounts, simply doing stuff. We are always trying to get better, so expect another "Bits of the DAMs" mail somewhere between now and the end of the World. Footnotes: [1] http://nm.debian.org/whoisam.php [2] http://nm.debian.org [3] http://www.debian.org/devel/join/newmaint#DAM [4] At the time of this writing I have 39 applicants waiting for me to do something with them. [5] Of course there are possible exceptions for this, similar to the exceptions to the "You need a DD to sign your key" rule. But they are called *exceptions* for a reason. :) [6] Soft/Hard-Rejections are taken as detailed here: http://lists.debian.org/debian-newmaint-discuss/2001/04/msg00041.html [7] As immediate as they can do it. Either by doing it themselve or asking a free AM to do the work. Up to FD. [8] This means: Your key is in the emeritus keyring. If it is in the removed-keys keyring you are out of luck and need to go through the whole NM process. [9] http://lists.debian.org/debian-devel-announce/2003/05/msg00006.html [10] For now only done by Joerg, but we can add other people from the NM area to this, if it gets too much work. It isn't likely to happen, as that is not as common as new applicants. :) [11] Any files associated with the account will be either removed or moved to some holding area. -- bye Joerg Some NM: main contains software that compiles with DFSG. [hehehe, nice typo] Of course, eye mean "complies", knot "compiles". Sum typos cant bee caught bye spelling checkers.
Attachment:
pgpb2_raNh3DH.pgp
Description: PGP signature