Re: [New maintainer] Working for Debian and becoming a registered Debian developer
> On 28 Jul 1999, Goswin Brederlow wrote:
> > If a sponsor has to read everything I write to check for backdors, he
> > could probably write the stuff himself and if he doesn't read it,
> > security is lost.
Uh, why doesn't the sponsor just read the diff.gz to check for backdoors?
The sponsoree cannot prevent the sponsor from comparing the orignal source
to the tarball being submitted. I think that security is not a real
concern. After all, the source and the BTS are available to everyone.
I think that a period of mentorship/sponsorship would be positive for
Debian as a whole. Trying to make head-or-tails of the policy manual
before you even realize that debian/rules is Makefile probably turns
potential contributors off.
And to your point on security, the new-maintainer interview process is not
that rigorous. Sponsorship would allow Debian maintainers to detect
people with bogus intentions (if that's what you're worried about)
*before* they became official maintainers.
I hope that idea catches on.
email@example.com | You don't get something for nothing,
http://www.mancill.com | You can't have freedom for free.