Re: 2 months and no upload for pkg

[Ian Jackson <ijackson@chiark.greenend.org.uk>]

Daniel Pocock writes ("Re: 2 months and no upload for pkg"):
> This is really the root of the problem and I agree that it would be nice
> to find ways to help them.  A solution is good for the FTP masters and
> good for the project.

I agree.

> Another way to look at your proposal may be to compare it to
> alternatives (I'm not suggesting I personally agree with all of these,
> but they are just some things that come to mind):
> 
> a) let people self-certify packages when they wrote 100% of the code
> themselves.  People abusing this privilege would lose it.
> 
> b) offer some facility for upstreams to certify their packages as 100%
> free software by completing a DEP-5-like template and signing it with
> the same key they use to sign their tags and release announcements.

I think both of these are, mostly, ad-hoc ways of prioritising certain
packages.  (Since the effort of setting up such systems and monitoring
compliance etc. is probably not less than that of reviewing the
packages in question and coming to a judgement.)

A more flexible approach along the same lines would be to allow
packages to skip manual NEW review if countersigned by N DDs (who
would presumably lose countersigning privileges it was later
discovered that the package should have been rejected).

> c) offer a paid review service.  FTP masters and assistants can sell
> their time through an auction process.  [...]

I hope this is a joke.

> d) the upload with binary JARs inside it was accepted by the NEW queue
> software.  Maybe the scripts could be stricter about rejecting such
> packages before they reach FTP masters?  Do the FTP masters publish
> statistics on rejections that could be used to identify the top things
> to scan and reject automatically?

I'm sure the ftpmasters will welcome your patches to their decision
support software.

Ian.