Bits from the DAMs

To: debian-devel-announce@lists.debian.org
Subject: Bits from the DAMs
From: Joerg Jaspert <joerg@debian.org>
Date: Thu, 10 Feb 2005 22:21:46 +0100
Message-id: <[🔎] 871xbo5cwl.fsf@vorlon.ganneff.de>
Mail-followup-to: debian-newmaint@lists.debian.org
Hi,

following the various "Bits from $foo" this is a small mail to summarize
whats up with "the DAMs".


Before anything else in this mail let us take the opportunity to say
thanks to all the Application Managers[1] and the members of the
Frontdesk out there doing the hard work. Without you the whole process
wouldn't work.


Topics in this mail:
 1. Introduction of the new DAM member
 2. IRC-Channel
 3. DAM-rules
 4. Emeritus (ex-Developer) Handling
 5. Handling of MiA-Maintainers
 6. Summary


1. Introduction of the new DAM member
-------------------------------------

First a small intro for all the people not knowing me:
I'm a Debian Developer since 16 April 2002, doing work for the New
Maintainers Process[2] since 22 June 2002. Since then I helped a lot
of people through the NM process, helped some to stay out, maintained some
packages and tried to be a bit visible on IRC.
At the end of 2004 I was appointed as a second DAM[3].

That much for the background. I'm now actively working on reducing the
backlog of the DAM-queue and already got around half[4] of it
processed. Looking at the time I needed for it, we can estimate that the
queue-size will be less than 10 somewhere at the beginning of March. (Not a
guarantee or promise, just a thing we try to do).


2. IRC-Channel
--------------

If you, as a AM or NM, ever have question around the whole process,
either ask them on the -newmaint list, or join #debian-newmaint on
irc.debian.org and ask there.


3. DAM-rules
------------

To give the DAM-stage in the process a bit more "openness", we list some
of the usual procedures we follow, that are important for you to know as
an AM/NM.

- We wont accept[5] applicants who have only one signature on their GPG-key
  if that signature is made by the advocate. If it has only a signature
  from the advocate at least another one from the web-of-trust is
  needed. Not neccessarly a DD to sign the key, any other well-connected
  key is sufficient.
  Applicants will be put on hold until this is fixed, but it shouldn't
  last too long.
  This is to avoid theoretical things against us/the applicants, that
  they are "faked" by the advocate, by providing one or more other
  signatures from different people.

- Also not accepted are people without traceable actions for
  Debian. Examples of this include
   - having only one package in the archive, with only one upload,
   - packages with dead upstream and no visible changes in Debian either,
   - a poor or non-existent handling of their bugs for the package(s).
  In simple words: No work done - no account. (Actually one shouldn't
  apply without having done some work and anyone who does is held by
  Frontdesk nowadays, but with the backlog we have it could get to this
  situation).
  Applicants will be put on hold for 3 months to allow them to change
  this. After 3 months the application will be reviewed and either
  accepted or soft-rejected[6]. For the timeframe for such a soft-reject
  - we will use 3 months.  After that they can re-apply, if they've done
  something more for Debian in the meantime, normal NM follows.

- There are a few applicants that were approved by their AM, but don't look
  ready for their account to us since things may have changed between
  the AM approving the applicant and us actually looking at the report.
  In this case one of us will inform the applicant and ask Frontdesk for
  a check of whatever we didn't like. This can either happen immediatly[7]
  or after 3 or 6 months (the application is set on hold for that time). 
  Worst case could be a soft-reject similar to above.


4. Emeritus (ex-Developer) Handling
-----------------------------------

So much for people going through the New Maintainer Process. But that's
not everything which is up to the DAMs to do. There are also these people
which have their pgp or gpg key in the emeritus keyring. Which means:
Developers who left the project following the normal rules to leave.[8]
Up to now we simply added them back, reactivating their account if
they asked for it, as described in a mail[9] from James Troup in May 2003.

For various reasons we're no longer entirely happy with this, so here is the
new way of handling this:
- The new contact point for returning developers is da-manager@d.o.
  People mailing keyring-maint@d.o will be redirected there.
- Joerg[10] then goes and does a small NM check with them. It is NOT a
  fullblown check like what is done with completly new maintainers. In
  fact it is about 20 questions around P&P and T&S, to make sure the
  most important parts are still known to the returning developer before
  they get the account back.
  They also need to prove that they still control the GPG/PGP key
  associated with the account. Or a proof of Identify on a new gpg key,
  of at least two signatures from other Developers.
- After this is successfully finished the account will be re-activated.

Rationale:
We ask every NM a whole bunch of questions and ask them to do various
things to be sure they know what they do if they get their accounts.
Why should anyone, who left the project maybe years ago, not have at
least a small check, to see if they still know the basics. After all
they get the same rights as every other Developer who is either
constantly doing work or who went through the whole NM process. And if
one left for a long time they may not be so up2date to the actual way
Debian (and packaging) works.


5. Handling of MiA-Maintainers
------------------------------

We've also decided to do a more regular (about two or three times a
year) MIA-check to have a cleaner view of who is actually a Developer.
The rules are similar to the ones from the last run, but detailed below
to have it all at one point.

The list of developers to consider in a run is built out of
 - has no package in the archive and wasn't seen in the last 6 month
   with a signed mail by echolon,
 - or we got a notice from the MIA-team that they decided to orphan the
   packages of the maintainer due to inactivity/unresponsiveness/whatever.

All developers in that list will get a mail, with a short notice what we
intend to do, and 2 months of time to answer to this one.
Mail bounces or no reaction will get the account 'disabled'.
Replies asking to leave will get the 'emeritus' state,
replies stating one is active need a reason why there is no activity
seen and then get out of that list.

The 'emeritus' state is for people who voluntarily retire.  Their
accounts are locked and their keys are moved to a separate keyring.
Their email will continue to work for 6 months.  They lose vote,
upload and -private reading privileges.

The 'disabled' state is for people who don't respond to maintainer
pings, their email bounces, or whatever - basically someone who's MIA.
Things are the same as 'emeritus', except their email won't continue
to work.  After a year in this state the accounts will be purged[11] and
will be available for reuse.

There is also a special state 'memorial' which is used for accounts that
are disabled but which we don't want reused to avoid confusion (at
best), e.g. with developers who've passed away.

People in 'emeritus' can get their account back following the guidelines
explained in paragraph 4.
People in 'disabled' need to go through NM again, but if their account
is still available then, they can request in NM to get that one back.

6. Summary
----------

For a short summary: DAM is now constantly working, approving people,
giving out accounts, simply doing stuff. We are always trying to get
better, so expect another "Bits of the DAMs" mail somewhere between now
and the end of the World.

Footnotes: 
 [1] http://nm.debian.org/whoisam.php
 [2] http://nm.debian.org
 [3] http://www.debian.org/devel/join/newmaint#DAM
 [4] At the time of this writing I have 39 applicants waiting for me to
     do something with them.
 [5] Of course there are possible exceptions for this, similar to the
     exceptions to the "You need a DD to sign your key" rule. But they are
     called *exceptions* for a reason. :)
 [6] Soft/Hard-Rejections are taken as detailed here:
     http://lists.debian.org/debian-newmaint-discuss/2001/04/msg00041.html
 [7] As immediate as they can do it. Either by doing it themselve or
     asking a free AM to do the work. Up to FD.
 [8] This means: Your key is in the emeritus keyring. If it is in the
     removed-keys keyring you are out of luck and need to go through the
     whole NM process.
 [9] http://lists.debian.org/debian-devel-announce/2003/05/msg00006.html
[10] For now only done by Joerg, but we can add other people from
     the NM area to this, if it gets too much work. It isn't likely to
     happen, as that is not as common as new applicants. :)
[11] Any files associated with the account will be either removed or
     moved to some holding area.

-- 
bye Joerg
Some NM:
main contains software that compiles with DFSG.
[hehehe, nice typo]
Of course, eye mean "complies", knot "compiles".  Sum typos cant bee
caught bye spelling checkers.
Attachment: pgpb2_raNh3DH.pgp
Description: PGP signature
Reply to:
Prev by Date: Call For Papers for DebConf5 in Helsinki
Next by Date: Work-needing packages report for Feb 11, 2005
Previous by thread: Call For Papers for DebConf5 in Helsinki
Next by thread: Work-needing packages report for Feb 11, 2005
Index(es):
- Date
- Thread