[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Multi-person sponsorship

On Thu, Feb 19, 2004 at 01:05:08PM -0500, Joey Hess wrote:
> Matthew Palmer wrote:
> > > package I sponsor. I want to know if they are not able to send me a
> > > package that will build properly. I want to work with them and be
> > 
> > Since you only get packages for sponsorship which have built in a clean sid
> > chroot out of my system, you can be fairly sure of that.
> 
> As you've described the system, it sounds like my sponsee could make
> several iterations with bad unbuildable packages before it is ever made
> aailable to me to look at. This is what I want to avoid; if they are not
> competant to upload a buildable package the first time, I want to know
> that.

Noted.  An upload history per-person would address that point to some
degree.

> > I'm interested in how many of your sponsees do you know are/aren't doing,
> > say, QA work quietly, or working on d-i, or doing bug triage?  I know that
> > at least one person I'm sponsoring isn't doing anything on anything else,
> > because I used to work with him, but apart from that, the people whose
> > packages I've sponsored could be working towards becoming DPL and I'd hardly
> > know.  Should I know these things?  Do you think that a good sponsor should
> > be doing these things, or that it's useful in the general case for a sponsor
> > to know all of a sponsees other activities?
> 
> I use filtering and scoring to keep track of such things reasonably
> well. Unless they're sending patches to maintainers via private email or
> something, I am likely to see anything they do in debian.

Do you think that is a recommended activity for sponsors in general, or do
you do it more for personal curiousity?

> > > (I'd also like to see AM's making more use of this information. If I've
> > > advocated someone, I can tell you what parts of T&S they have already,
> > > IMHO, passed.)
> > 
> > If you put that information into an advocacy report, does the AM ignore it,
> > or are they not supposed to take other people's experiences into account? 
> > (That seems odd, considering that some NMs get their AMs switched on them).
> 
> I didn't know we had avocacy reports, doesn't the current system only
> let you enter their email address?

>From memory (and this may have changed subsequently), after you say "yes I
want to advocate this NM candidate", you get an e-mail saying "please fill
in here why you advocate this person, and send it GPG signed back to us".  I
presume the comments in there would go into the NM's file.

> > > (I also hope that nobody roots your autobuilder.)
> > 
> > I'm not keen on ever providing the .debs that come out of the autobuilder. 
> 
> Beside the point. Inside the autobuilder, you are running possibly
> untrusted code. It's only a local exploit away from running as root, at

Yes, I did miss your point.  Thank you for pointing it out.

Now, does the autobuilder get moved to another machine, or do I just put on
my scary face when adding people to the authorised uploaders list?  <grin>

- Matt
Reply to: