On Thu, Dec 10, 1998 at 01:47:53PM +0100, joost@pc47.mpn.cp.philips.com wrote: > Instead, "Compiler maintenance group" <egcs@packages.debian.org> and > "Debian boot floppies team" <debian-boot@packages.debian.org> should be > used. > > I wholehartedly agree that multi-maintainer groups should have a single > responsible person, but instead of kludgingly using qmail features or > certain general smtp options, the administration should really be the > responsibility of the Debian Project Secretary (who might in turn delegate > the practical work to another volunteer.) This way, there is much less > chance of a group responsible going AWOL and not properly passing on his > tasks to a successor. My only real concern with maintenance groups concerns PGP signing. I thought the existing tools use the Maintainer: field to determine what PGP key to check the dsc and changes signatures against? dinstall, and any user-level package integrity verification tools, should have a list of what people belong to which maintainenance groups, and accept PGP signatures on a package from any of those people. Unless, of course, only one person in a maintenance group is allowed to do the uploads. But I don't see that we need to be that strict. What occurred to me, but I think would be a bad idea, would be to create a PGP key for the maintainer group. To do that would greatly undermine the "irrefutability" feature of public key cryptography. Anyway, if we can address this concern of mine, I support the idea of maintenance groups. I have even have an idea of yet another package that might benefit from such a thing. <clears throat...> -- G. Branden Robinson | Reality is what refuses to go away when Debian GNU/Linux | I stop believing in it. branden@ecn.purdue.edu | -- Philip K. Dick cartoon.ecn.purdue.edu/~branden/ |
Attachment:
pgpNMz8J4OR9R.pgp
Description: PGP signature