
Re: DM and pkg-perl (alternative proposal)



Frank Lichtenheld said [Sat, Dec 08, 2007 at 12:30:36AM +0100]:
> I know quite a few DDs whose packaging skills are not up to my
> standards. Even more so on the sponsorship side. I have no real
> hopes that DMs should be significantly better on average.

There is at least one reason I give to DMs to be more careful: Not
having the processes set on automatically. They will -at least for
some time- pay some more attention at least towards not getting bad
light. After all, DMs are trusted up to a certain point, and their
access is much easier to revoke than a DD's. So, no, I don't expect
them to know the intricate details of the Policy, but I do expect
them to cooperate and follow.

> I strongly disagree with this paragraph. The amount of people who will
> build a package from SVN and install it is very, very small compared to
> the amount of people who will install a package which is only in
> unstable for one day. And yes, SVN is suboptimal in that it doesn't ensure
> the integrity of your data and the ability to recover from any malice
> done to the central repository (like e.g. git does). But most of our
> history is very boring, so we wouldn't lose all that much in the end.

Well, we _do_ have some traces in our history that I'd think are quite
important. Particularly, if we do not blindly trust our committers,
who did what. Who introduced this b0rken package, who introduced this
sick fix, who back-doored this net-facing module... Of course we are
supposed to check when uploading, but elaborate attack scenarios can
appear.  Anyway...

> > I think that over-elaborating on rules to allow or restrict who can
> > upload what, which XS fields to use and the rules on the Uploaders
> > field's handling is a net waste of energy...
> 
> Before DM it was (and the rules reflected that). Now I agree with
> (starting in) a rather paranoid way. And given our good sponsorship record I
> don't think that should hinder any non-DD contributor too much.

All in all, I agree on this. I'd rather err on being a bit too tight
than on being too relaxed. After all, this is Debian we are talking
about. 

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF


