
Re: DM and pkg-perl



To everybody, please understand that I'm not wanting to use a hole in
the system to escalate privileges. What I say below is just my point
of view trying to find an acceptable policy for the group.

Hi Dam,

On 11/21/07, Damyan Ivanov <dmn@debian.org> wrote:

> Next month, $B, who also maintains non-pkg-perl package $Q, gets DM
> status because his sponsor is tired of uploading $Q and is pretty
> confident that $B can handle $Q appropriately.
>
> Bang! $B can upload $P too. I gave $B this right, *unintentionally*.

I was thinking exactly about this when I wrote my original mail. The
DM mechanism has this drawback. I think that marking a package as DM
uploadable should be thought of as exactly that, and never think of
giving the right to $person; because $person can then give the right
to whoever he wants. If you think that package $foo is too complicated
to be touched by anybody who's not a DD, then don't put the flag, or
have an agreement with your non-DD (both DM and maybe-DM-someday)
co-maintainers. I think this is the first step.

That said, I do think that people who are entering DM should be
considered trustworthy, not because I think that I'm trustworthy,
but because it's the responsibility of the DDs that had advocated him
to know that before signing. If John DM fucks it up, he might have his
privileges revoked and his advocates should be somehow "marked" as
advocating random people. Of course, many people will disagree :).

I think that this is important for the DM thingie to be useful, more
because of the social issue than the technical one.

> Question 1: Should we worry about such scenario? I mean, if $B got DM
> status, s/he already agreed to follow the policies etc. My concern with
> this is that if agreeing to follow policies was enough, DMs might as
> well be treated as DDs :)

You have a point here; but it can be treated with what I said
previously: don't give the DM flag to tricky packages which are
co-maintained with random non-DDs.

> My answer to this is to clean Uploaders: list before uploading $P with
> DM-Yes from all non-DDs, except $A. This would mean we change our policy
> about the Uploaders: field that whoever makes a change worth noting in
> changelog, adds him/herself to Uploaders. The nice thing about this

I think I'd prefer not to use my DM rights here than to impair the
group good work flow.

-- 
Martín Ferrari


