Sponsoring questions; are sponsored NMU's allowed? (Was: Re: Canonical list of contributors)
[ CC'ing James Troup as I'm not sure he's subscribed ]
On Wed, Jun 02, 2004 at 11:38:16AM -0600, Gunnar Wolf wrote:
> A friend asked me to take some notes from the BOF - I am sharing them
> here. I did my best to catch the important points, but I can assure
> you I missed some of them, and probably I misunderstood some parts of
> - Elmo: Sponsorship can be easily abused, and should not be
> encouraged, as a little bit of carelessness can cause the project to
> be compromised. There is no way around it, but it cannot be
> completely avoided. It has been abused for example for NMUs.
I don't fully understand this point, and I'm a bit confused by this.
Since this reflection of Elmo's words has an internal inconsistency,
it's likely that this writedown isn't fully correct, maybe James Troup
wants to correct it if wrong?
As I understand it, sponsorship is _the_ way for non-DD's to give a hand
in maintaining packages. Because of sponsorship, not every maintainer
has to be a Debian Developer. Of course, sponsorship has its dangers if
not performed properly (i.e., changes reviewed by the sponsor, rebuild
by sponsor). But, if done properly, danger is limited (interdiff
combined with a rebuild is just as dangerous as accepting a patch from a
bugreporter -- it all depends on the attention to the review of the
Or are you, James, here wanting to say that you dislike package
maintainance by non-DD's altogether? While such a model is certainly
possible, it isn't current practice AFAICS, nor did I hear advocated
this viewpoint before -- on the contrary.
A last question: what about sponsored NMU's? I've had at least one NMU
ready to be sponsored & uploaded, plus pondered to do it multiple times,
often invited by DD's. Is it allowed as a non-DD to do NMU's? Or are
NMU's really a DD-only privilege?
Developers reference 5.11.2 says that "Only official, registered Debian
maintainers can do binary or source NMUs.". Non-DD's however can
technically prepare a source NMU (that is, doing the administrativa of
reporting bugs, providing patches to the maintainer, pinging the
maintainer, and actually preparing the package), and have it sponsored
by a DD. This reduces the burden on the DD, as checking & rebuilding
such a package is less time than really preparing it yourself.
Of course, binary-only NMU's (and MU's) can (should) only be made by
DD's, for obvious reasons.
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)