[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: soundtracker not updated ?


Quoting David Starner (dstarner98@aasaa.ofe.org):
> Sure, you can impeach a developer, but it's not simple or precedented. 
> To deny access to a sponsoree, you simply mention what he or she did 
> wrong on debian-private (and maybe debian-devel), and if it's actually
> something worth banning them for, nobody's going to sponsor them. And
> if someone does, then that developer is putting _their_ reputation on
> the line and you can impeach them. 
True. But that's not the way the Debian organisation was designed. It was
designed to have people called 'Maintainers' maintain software, have them
package it, check it, and upload it; having a strict web of trust
between them, strict policies, and strict skill/philosophy/identification

> Frankly, you can't stop any developer from getting the sources from
> anywhere they want, short of kicking them out. If you upload the 
> package you take responsibility for it. If you think a particular
> upstream or midstream is untrustworthy, than point it out; but in 
> general, that's the developer's choice and responsiblity.
Also true; as a matter of fact, this is what a developer does: taking
sources from anywhere they want, and packaging them. Taking responsability
for the result, maintaining them as a debian package, etc., etc.

If a sponsoree has to do all this, just as a 'regular' Debian developer, why
on earth should this person not be 'bound' in the same way a regular
developer is ? Why shouldn't he/she not pass the same test ?
Why should there be a bypass called sponsorship, that exists to allow people
to do what a developer does, without being one ?
IMHO, sponsorship - as said earlier in this thread - is _only_ useful for
people who are in the NM queue, are not trough the process yet, and want to
get some Debian-work done. This is what it was designed for.
Using sponsorship for longer-term package development/maintenance is
something that belongs to a developer, not a sponsoree.
We now have a situation where sponsorship is an accepted and normal way to
do things ('i want this in debian, can anybody sponsor it? / sure, i'll
upload it for you!'), while it was a temporary measurement when NM was
I do not oppose to sponsorship in the first stages of becoming a developer.
I do oppose to it for regular maintenance, for reasons of security,
trustworthyness, clarity, and 'the way things are done'.
If somebody wants to maintain software for Debian,let them apply in NM, 
get their stuff sponsored in the meantime, and let them take over after
they're trough.

I'm very sorry if i sound uptight about this whole sponsorship thing, I seem
to be one of not-that-many people thinking about it like this. Maybe my
ideas of how things work are totally off and nuts and all.. I just see this
whole sponsorship thing as a breach in the web of trust between developers,
as itīs one of the least verified/described/formal way to do things, while
it does affect the direct contents of the distribution - and therefore the
things that get installed on my (and a lot of others') systems.

			      Linux Generation
   encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
			Sodomy is a pain in the ass.

Reply to: