[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sponsor rules



On Mon, Jul 16, 2001 at 03:50:52PM -0700, Joshua Haberman wrote:
> * Previously Ari Pollak (compwiz@aripollak.com) wrote:
> > >   No NM progress -- not even an ID check.
> > This is kind of prejudiced against NMs who do not easily have access to
> > another maintainer for a keysigning
> 
> Any sponsored package is installed into unstable, propagated through all
> the mirrors, and implicitly bears the official Debian stamp. Is it really
> a good idea to distribute and endorse the work of someone whose identity
> hasn't yet been verified?

I don't see the problem.

I am a sponsor and I 
 - download the orig.tar.gz myself
 - download the diff.gz from the NM
 - check the diff line by line (this is work)
 - build the package myself and test it.
 - after this all, I upload the package 

You, the sponsor, sig the package with your gpg-key.
You open the door to the ftp-server, you must check the _package_ not
the ID of the 'diff-file writer'.


Gruss
Grisu
-- 
Michael Bramer  -  a Debian Linux Developer http://www.debian.org
PGP: finger grisu@db.debian.org  -- Linux Sysadmin   -- Use Debian Linux
»Heute ein König - Morgen eine Schnapsleiche«

Attachment: pgpyVChKbMMKJ.pgp
Description: PGP signature


Reply to: