[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#593611: Clarify whose signature should go in debian/changelog (4.4)

On 3 March 2014 13:24, Bill Allombert <ballombe@debian.org> wrote:
> On Sun, Dec 25, 2011 at 10:46:18AM -0800, Russ Allbery wrote:
>> Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr> writes:
>> > On Sat, Sep 18, 2010 at 09:10:58PM -0700, Russ Allbery wrote:
>>
>> >> --- a/policy.sgml
>> >> +++ b/policy.sgml
>> >> @@ -1688,11 +1688,14 @@
>> >>
>> >>    <p>
>> >>      The maintainer name and email address used in the changelog
>> >> -    should be the details of the person uploading <em>this</em>
>> >> -    version.  They are <em>not</em> necessarily those of the
>> >> -    usual package maintainer.<footnote>
>> >> -      If the developer uploading the package is not one of the usual
>> >> -      maintainers of the package (as listed in
>> >> +    should be the details of the person who prepared this release of
>> >> +    the package.  They are <em>not</em> necessarily those of the
>> >> +    uploader or usual package maintainer.<footnote>
>> >> +      In the case of a sponsored upload, the uploader signs the
>> >> +      files, but the changelog maintainer name and address are those
>> >> +      of the person who prepared this release.  If the preparer of
>> >> +      the release is not one of the usual maintainers of the package
>> >> +      (as listed in
>> >>        the <qref id="f-Maintainer"><tt>Maintainer</tt></qref>
>> >>        or <qref id="f-Uploaders"><tt>Uploaders</tt></qref> control
>> >>        fields of the package), the first line of the changelog is
>>
>> > As I said earlier, I do not think that this matches current practices.
>>
>> > As I see current practices:
>> > 1) the name in the changelog in the one of whoever ran dch last,
>> > i.e. the name of the developer who changed the date in the changelog
>> > last.
>>
>> > 2) Someone sponsoring a package does not change it in any way.
>>
>> > Maybe this kind of information are better placed in the developer
>> > reference than in policy.
>>
>> Hi Bill,
>>
>> Your objection here is I think the only thing left to deal with to resolve
>> this bug, since the patch has otherwise been seconded.  As Raphaël pointed
>> out, I didn't intend a substantive difference between "preparing the
>> release" and "making the last change"; whoever does the equivalent of dch
>> -r is what's meant.  Do you think this is unclear enough that I shouldn't
>> merge the patch?  I'm inclined to merge the patch since I think we're
>> falling into the trap of scrutinizing the wording too closely.
>>
>> I agree that the details that you describe should probably be in the
>> developer reference rather than in Policy, which is why I'm trying to keep
>> this as succinct and short as possible while still addressing the original
>> bug, which correctly points out that the current Policy wording implies
>> that sponsors of packages should replace the changelog footer with their
>> own identity (definitely not existing or recommended practice).
>
> It is clear we agree on the fundamental issues, so I will trust your judgement
> on the wording. I am always concerned that removing one ambiguity will introduce
> another. In this instance, if a package is comaintained, a release could be thought
> as prepared by several people.
>
> I have created a git branch bug593611-bill that I will commit in one week if nobody
> object.

The proposed wording matches what I have done multiple times in the
past, and subsequently got condemned for.

E.g. i've looked at the bug that affected me, and there was a debdiff
prepared by person X, with .1 nmu version number, targetting unstable,
name and date.
I took that patch, applied as is, debsigned it and uploaded into the
archive, without modifying debian/changelog in any way.
( I am not the usual maintainer/uploader of the package in question,
thus i have "sponsored an NMU" )

After doing so, i've received multiple strongly worded emails, and
harsh pings on IRC from unrelated (non-usual maintainer/uploader) and
related (non-usual maintainer/uploader) to the package people, as well
as the person X who prepared the debdiff ("but i didn't ask for it to
be uploaded" [*])

I'm glad that policy will finally document that sponsor should only
debsign & dput, and not modify the prepared debian/changelog by other
people (be it usual or non-usual Maintainer:/Uploaders:).

I strongly support the change to the policy, and it matches my current
interpretation of the policy (intent).


[*] imho preparing an NMU debdiff _is_ asking for it to be uploaded...

-- 
Regards,

Dimitri.
Reply to: