Re: unauthorized upload of xfree86 4.3.0-1 to unstable

To: debian-project@lists.debian.org, Daniel Stone <daniels@debian.org>
Subject: Re: unauthorized upload of xfree86 4.3.0-1 to unstable
From: Steve Langasek <vorlon@netexpress.net>
Date: Fri, 30 Jan 2004 12:24:14 -0600
Message-id: <[🔎] 20040130182413.GE13623@tennyson.netexpress.net>
Mail-followup-to: vorlon@netexpress.net, debian-project@lists.debian.org
In-reply-to: <[🔎] 20040129020819.GV14277@trinity.unimelb.edu.au>
References: <E1AlIov-0003CT-00@auric.debian.org> <[🔎] 20040128180430.GG4060@deadbeast.net> <[🔎] 20040129020819.GV14277@trinity.unimelb.edu.au>

On Thu, Jan 29, 2004 at 01:08:19PM +1100, Daniel Stone wrote:

> > Organizationally, we have more experience with single-maintainer
> > packages, and I think we have to evolve a bit with respect to team
> > maintenance a bit more.  Fundamentally, I think team-maintenance of
> > packages has to be grounded on mutual trust among the members of the
> > team.  I personally feel that my trust was betrayed in this situation.
> > If you think I should not feel this way, please explain why.

> I think another issue Branden was possibly trying to raise - that we
> was raised privately - is the team-maintainership model where you have a
> leader/follower(s), and whether that needs to be formalised, if/when the
> follower(s) can disobey the leader, et al. XSF was very much
> leader/follower, as you can see here, as opposed to models of other
> teams, which are very much equal/meritorious.

Nothing about the rise of team-based package maintenance supersedes the
existing concepts of package "ownership" and proper package uploads.  If
you're not in the Maintainer: field (or the Uploaders: field now),
you're not the package maintainer -- which means formally, you're not
the one who bears the responsibility for the state of the package,
though you definitely bear the responsibility for any uploads of this
package you do.

Adding yourself to the Maintainer: or Uploaders: field without the
consent of the current active maintainer is called hijacking, and is
definitely not conducive to cooperative maintenance.

Using a MU version number in a sourceful upload if your name isn't in
one of these two fields is an improper NMU.  Don't do that.

I don't see that anything needs to be formalized beyond this.  If you
feel otherwise, that's a matter for the XSF to discuss internally --
it's not a matter for the project at large to decide.  It certainly
sounds like there are a number of procedural issues that it would be
good for the XSF to have discussed more thoroughly.

-- 
Steve Langasek
postmodern programmer

Attachment: pgpymRTqFVqHa.pgp
Description: PGP signature

Reply to:

References:
- unauthorized upload of xfree86 4.3.0-1 to unstable
  - From: Branden Robinson <branden@debian.org>
- Re: unauthorized upload of xfree86 4.3.0-1 to unstable
  - From: Daniel Stone <daniels@debian.org>

Prev by Date: Unidentified subject!
Next by Date: Re: unauthorized upload of xfree86 4.3.0-1 to unstable
Previous by thread: Re: unauthorized upload of xfree86 4.3.0-1 to unstable
Next by thread: Re: unauthorized upload of xfree86 4.3.0-1 to unstable
Index(es):
- Date
- Thread