[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upload with name of sponsored person?

tony mancill wrote:
> The advantages to this method (over, say building the package yourself
> from sources) are:
> 
> - bug reports, etc. go to the sponsee, because the control file has their
> email address in it.

You can keep their name in the control file and build the package. Just
make your name be in the changelog. It's like a NMU. They will be listed
as the maintainer even though you uploaded it.

> - libraries and dependencies get calculated on the sponsee's machine, so
> the sponor doesn't necessarily have to have the same Debian release as the
> package.
> 
> - it's less work for the sponsor than any other way I've tried.

But it does require that you trust the new maintainer. If you know them,
ok, maybe this is ok. If you don't, you're uploading binaries build by
someone you don't know, and who has not gone through the NM process.

I much prefer to get their source package, md5sum the .orig.tar.gz
against upstream, and read the diff. Only then build the package and
sign it. Call me paranoid. It's really not a lot harder though.

-- 
see shy jo
Reply to: