
Re: XS-DM-Upload-Allowed



I'm not happy about removing the tag, especially without having any
notification about it, as it has the meaning of effectively leaving me
out of a package I started myself. I'll think about it calmly and
decide what to do about it then. It's not a good thing to reply
angrily.

In any case, the rest of the team please tell what you think about
these tags, are you also against me being able to upload the games
directly to the archives?

Greetings,
Miry

PS: we're still short of sponsors, btw

2007/9/22, Bas Wijnen <wijnen@debian.org>:
> Hi,
>
> While sponsoring the new version of hex-a-hop, I encountered
> XS-DM-Upload-Allowed: yes
> Jens told me Miriam added this, not only there but also to many other
> packages.  I removed it for the upload, and want to ask to remove them
> from the others as well.  I'll explain here why.
>
> First of all, I'm a big proponent of the Debian Maintainer idea, and I
> think it would be very good to use this system also within the games
> team.
>
> However, it is important to know that this is about trust.  Becoming a
> Debian Maintainer means you can upload some packages directly into the
> Debian archive, without a Debian Developer looking at them.  Debian
> Developers have been "screened" by the NM process, and considered
> trustworthy.  The sponsoring system uses this fact to allow others to
> prepare packages for the archive.  They must then be checked by a
> Developer before they can enter.
>
> The problem that the Debian Maintainer idea is solving is that of a
> sponsor who has checked and found acceptable packages from some person,
> but this person doesn't want to become a Debian Developer (or is still
> in the queue).  Then the sponsor may get tired of it, and the packager
> may get tired of waiting for the sponsor every time.  That is no longer
> the case if the packager becomes a Debian Maintainer for the package.
>
> Because it's easier to become a DM than to become a DD, there are some
> technical barriers set up to prevent abuse of this system.  These are:
> - It's (a bit) hard to become a DM.  You need some people advocating
>   you, and no people against it.  And you need to accept the usual stuff
>   (social contract, machine usage policy).
> - You can only upload your own packages.  Those are the ones which have
>   your name on them (in the version that's already in the archive).
> - You can only upload packages which are marked as "acceptable for DM
>   upload" using the tag this message is about.  (Well, without XS, so
>   these tags don't do anything, but they suggest that adding the real
>   tag is a detail).
>
> All three of these are important barriers IMO.  They are all intended to
> prevent abuse.  The first by not letting irresponsible people touch
> anything.  The second by disallowing random changes all over the place
> (also to packages of other DMs), and the third by requiring explicit
> consent from a DD (the sponsor) for any package which may be touched.
>
> The abuse that can be done by adding these tags (without discussing with
> the sponsor) may not be huge, but it is not negligible either.  And
> there is no reason the sponsor shouldn't specifically be told (and
> agree) when this happens.  So I strongly suggest to remove them
> everywhere until there is agreement with the sponsor that this is a good
> idea for the specific package where the tag is added.
>
> And when it happens, it's a pretty big thing, so it should certainly be
> in debian/changelog.
>
> Finally, I'm trying not to sound too much like a policeman.  If you
> disagree with my opinion, please reply and say why.  These things can be
> discussed. :-)
>
> Thanks,
> Bas
>
> Ps: I am aware that there is currently no implementation for uploading
>     by DMs.  But when preparing for when that is done, we should
>     consider things as if it's done already.
>
> --
> I encourage people to send encrypted e-mail (see http://www.gnupg.org).
> If you have problems reading my e-mail, use a better reader.
> Please send the central message of e-mails as plain text
>    in the message body, not as HTML and definitely not as MS Word.
> Please do not use the MS Word format for attachments either.
> For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
>


