On Mon, Jul 16, 2001 at 03:50:52PM -0700, Joshua Haberman wrote: > * Previously Ari Pollak (compwiz@aripollak.com) wrote: > > > No NM progress -- not even an ID check. > > This is kind of prejudiced against NMs who do not easily have access to > > another maintainer for a keysigning > > Any sponsored package is installed into unstable, propagated through all > the mirrors, and implicitly bears the official Debian stamp. Is it really > a good idea to distribute and endorse the work of someone whose identity > hasn't yet been verified? I don't see the problem. I am a sponsor and I - download the orig.tar.gz myself - download the diff.gz from the NM - check the diff line by line (this is work) - build the package myself and test it. - after this all, I upload the package You, the sponsor, sig the package with your gpg-key. You open the door to the ftp-server, you must check the _package_ not the ID of the 'diff-file writer'. Gruss Grisu -- Michael Bramer - a Debian Linux Developer http://www.debian.org PGP: finger grisu@db.debian.org -- Linux Sysadmin -- Use Debian Linux »Heute ein König - Morgen eine Schnapsleiche«
Attachment:
pgpcu6MQsU4dR.pgp
Description: PGP signature