On Thu, Jul 19, 2001 at 02:17:03AM -0500, Adam Heath wrote: > On Tue, 17 Jul 2001, Anthony Towns wrote: > > > The sponsor is, as far as Debian is concerned. S/He's the one we trust to > > ensure that upload doesn't contain trojans, and the one we can actually > > identify if we have any need to. > > > > Sponsorship is a gaping hole in our trust model. > > Maybe sponsored packages go into a separate dist/, not sid/, but maybe > sponsors/? why? > Oh, and we need to make absolutely sure no sponsored packages ever > get into testing. no, sponsored packages are normal packages. IMHO sponsored packages normal 'better' packages, because _two_ 'maintainters' watch and test the code before the upload. maybe we need some guidelines. With this guidelines, we can secure that - every can see, that it is a sponsore packages - the sponsor get the bug reports (the sponsor-package@ thing) - the new maintainer is in nm.debian.org (but maybe without ID check now) - the qualities of the sponsoring (the watch and testing part) are the same. - <insert others points> If we need this, make a RFC, but don't close the door, don't put packages in a second class. Gruss Grisu -- Michael Bramer - a Debian Linux Developer http://www.debian.org PGP: finger grisu@db.debian.org -- Linux Sysadmin -- Use Debian Linux "I predict that Linux will kick major butt" -- Sean Gallager, Information Week
Attachment:
pgplqfFUbdpZR.pgp
Description: PGP signature