Quoting Bernhard Reiter (ockham@raz.or.at): > Thanks for pointing me there! Sounds like I really should give that a > try. However, if I get this right, I'd still need to seek sponsorship > for new packages, right? Once your GPG key is in the Debian Maintainer keyring, then you can authorized to upload packages directly yourself for identified packages. This is done through a special field named DM-Upload-Allowed (written from memmory, I'm not online right now to check the exact syntax) in the debian/control file. If this field is set to "yes" and you are in the Maintainer field, then youc an upload this package (and not another one). So, only the first upload that sets this field has to be sponsored. In short, the DD who takes responsibility to upload a package with DM-Upload-Allowed is indeed saying "I trust this person to be the maintainer of that package in Debian and do further uploads him|herself".
Attachment:
signature.asc
Description: Digital signature