[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hijacking^W^W^W^W^W^WSalvaging packages for fun and profit: A proposal


On 30.09.2012 18:33, Stefano Zacchiroli wrote:
> As a general principle, I'm with Bart here.  I don't think we will
> benefit from a new, relatively complex, procedure that overlaps with
> other existing mechanisms.

As for me, I am fine with *any* proposal which works out in practice.
Bei it mine, Bart's or any other. I just hope to find consensus in a
practice eventually.

> I don't know what to make of the "seconds" suggestion by Bart, though. I
> understand the rationale, but is not clear to me how to raise the
> interest by other DDs in reviewing the "intent to orphan" bugs filed by
> 3rd parties. Maybe we should document to post them on -qa? That *might*
> have the side-effect of fostering the creation of a review community for
> these kind of actions on -qa. Mumble mumble...

I do not think the seconding is a good idea as a rationale to justify a
salvage/hijack. In my proposal I tried to avoid social side-effects by
providing a measurable quantity to determine when a package is orphaned.
If we rely on Debian Members to second a proposal I see these problems

* We are effectively ruling out opinions of non-members. That's bizarre,
since we allow them to maintain (and even "hijack") packages. Why
wouldn't we allow them to second an attempt to hand someone else the
maintainership of a package? On the other hand, we cannot allow any
random someone to make binding votes, given impersonating identities on
the Internet is no challenge at all

* Seconding a proposal does not say anything about their rightfulness.
I'm pretty sure to find three seconds for almost any (not so) stupid
idea in Debian, even if 25 people may oppose it.

* On the other hand, it won't be a problem either to find (almost) any
number of people opposing a plan. Especially if we talk about a
controversial idea like that.

* If we rely on social metrics ("I think this your attempt is legit")
instead of quantifiable numbers ("Your attempt is legit because it
fulfills criterion X") it is pretty clear, we will end up in a dispute
over an individual case soon(er or later).

However, if we do not add a constraint which needs to be passed (be it a
time based constraint or seconding an intent by someone else) we haven't
won anything over the status quo: File an intent to salvage/hijack a
package, wait if people complain loud enough. We would still be in a
legal gray area, where it is not clear whether one is allowed to salvage
a package from a bad maintainership.

I think the most important rationale is to get people not to be afraid
to take over packages anymore, if their intentions are meant well.

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: