[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: egcc maintainer

On Thu, Dec 10, 1998 at 01:47:53PM +0100, joost@pc47.mpn.cp.philips.com wrote:
> Instead, "Compiler maintenance group" <egcs@packages.debian.org> and
> "Debian boot floppies team" <debian-boot@packages.debian.org> should be
> used. 
> I wholehartedly agree that multi-maintainer groups should have a single
> responsible person, but instead of kludgingly using qmail features or
> certain general smtp options, the administration should really be the
> responsibility of the Debian Project Secretary (who might in turn delegate
> the practical work to another volunteer.)  This way, there is much less
> chance of a group responsible going AWOL and not properly passing on his
> tasks to a successor. 

My only real concern with maintenance groups concerns PGP signing.  I
thought the existing tools use the Maintainer: field to determine what PGP
key to check the dsc and changes signatures against?  dinstall, and any
user-level package integrity verification tools, should have a list of what
people belong to which maintainenance groups, and accept PGP signatures on
a package from any of those people.

Unless, of course, only one person in a maintenance group is allowed to do
the uploads.  But I don't see that we need to be that strict.

What occurred to me, but I think would be a bad idea, would be to create a
PGP key for the maintainer group.  To do that would greatly undermine the
"irrefutability" feature of public key cryptography.

Anyway, if we can address this concern of mine, I support the idea of
maintenance groups.  I have even have an idea of yet another package that
might benefit from such a thing.

<clears throat...>

G. Branden Robinson              |   Reality is what refuses to go away when
Debian GNU/Linux                 |   I stop believing in it.
branden@ecn.purdue.edu           |   -- Philip K. Dick
cartoon.ecn.purdue.edu/~branden/ |

Attachment: pgpNMz8J4OR9R.pgp
Description: PGP signature

Reply to: