Re: Multi-person sponsorship
On Thu, Feb 19, 2004 at 01:05:08PM -0500, Joey Hess wrote:
> Matthew Palmer wrote:
> > > package I sponsor. I want to know if they are not able to send me a
> > > package that will build properly. I want to work with them and be
> >
> > Since you only get packages for sponsorship which have built in a clean sid
> > chroot out of my system, you can be fairly sure of that.
>
> As you've described the system, it sounds like my sponsee could make
> several iterations with bad unbuildable packages before it is ever made
> available to me to look at. This is what I want to avoid; if they are not
> competent to upload a buildable package the first time, I want to know
> that.

Noted. An upload history per-person would address that point to some
degree.

> > I'm interested in how many of your sponsees do you know are/aren't doing,
> > say, QA work quietly, or working on d-i, or doing bug triage? I know that
> > at least one person I'm sponsoring isn't doing anything on anything else,
> > because I used to work with him, but apart from that, the people whose
> > packages I've sponsored could be working towards becoming DPL and I'd hardly
> > know. Should I know these things? Do you think that a good sponsor should
> > be doing these things, or that it's useful in the general case for a sponsor
> > to know all of a sponsee's other activities?
>
> I use filtering and scoring to keep track of such things reasonably
> well. Unless they're sending patches to maintainers via private email or
> something, I am likely to see anything they do in Debian.

Do you think that is a recommended activity for sponsors in general, or do
you do it more for personal curiosity?

> > > (I'd also like to see AM's making more use of this information. If I've
> > > advocated someone, I can tell you what parts of T&S they have already,
> > > IMHO, passed.)
> >
> > If you put that information into an advocacy report, does the AM ignore it,
> > or are they not supposed to take other people's experiences into account?
> > (That seems odd, considering that some NMs get their AMs switched on them).
>
> I didn't know we had advocacy reports, doesn't the current system only
> let you enter their email address?

From memory (and this may have changed subsequently), after you say "yes I
want to advocate this NM candidate", you get an e-mail saying "please fill
in here why you advocate this person, and send it GPG signed back to us". I
presume the comments in there would go into the NM's file.

> > > (I also hope that nobody roots your autobuilder.)
> >
> > I'm not keen on ever providing the .debs that come out of the autobuilder.
>
> Beside the point. Inside the autobuilder, you are running possibly
> untrusted code. It's only a local exploit away from running as root, at

Yes, I did miss your point. Thank you for pointing it out.

Now, does the autobuilder get moved to another machine, or do I just put on
my scary face when adding people to the authorised uploaders list? <grin>

- Matt