Re: Proposal for collaborative maintenance of packages
Raphael Hertzog <firstname.lastname@example.org> writes:
> Yeah, this makes sense too. I'd like to have wrappers for doing things
> locally :
> - download source package from the good repository (without having to
> type a huge URL)
> - run most checks on it (pbuilder, piuparts, lintian, ...)
> - display analysis
> - etc.
> It's a good idea to have those tools widely available and to simply use
> them on a specific server to make the data available on web pages too.
lintian is the model to follow here, I think. It runs both in a
stand-alone mode and as a general audit tool. I really like that model.
Making package review faster with better tools feels like one of the most
important aspects of this. For example, I commented earlier to Raphael
privately that one of the most time-consuming parts of reviewing packages
for me right now is double-checking that the .orig.tar.gz tarball for new
packages matches the upstream version. Requiring a watch file for all
packages maintained in this fashion unless there's no upstream for some
reason and then wrapping a tool around uscan to verify the upstream
tarball wouldn't be hard and would save some time.
> Human issues are a non-issue. We can't define who trust who. Each person
> decides who they want to trust. I expect Debian developers to not trust
> anyone they don't know at all, however trust can be created when review
> after review they see that the person is doing a good job, etc.
Agreed. I don't have to trust someone to sponsor their packages. I'm
just more painstaking the first time than I might be later on once they've
established that they do a good job.
There are also a bunch of not particularly hard things that I think one
could improve with sponsors/mentors.debian.net, such as the state tracking
that Raphael mentioned earlier or more push notification of things that a
sponsor should be looking at that would fit well into this sort of
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>