[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the ftpmasters

On Mon, Feb 21, 2005 at 08:23:52AM +0100, Pierre Habouzit wrote:
> Le Lun 21 F?vrier 2005 00:16, Matthew Palmer a ?crit :
> > NEW would still have to be processed by hand, though -- crypto
> > notifications still need to be sent, and the protection provided by
> > two crap developers working on a package isn't not that much better
> > than one crap developer working on a package.
> I don't agree at all.
> multiple signature has to be used if you have really reviewed the 
> package. And as an XP freak, I guess you should know that cross-reading 
> is really good for code quality. I don't understand why it shouldn't be 
> the same for packages.

Because there's no guarantee (or even real likelihood) that the two
developers whose signatures appear on the package have sufficient Clue to be
able to produce quality packages.  Pair programming only works when both
people are switched on and taking note of their surroundings.  The
ftpmasters are, in general, senior and clueful DDs, with a good knowledge of
the likely high and low points of a package.

> And since we quite all agree that managing multiple gpg signatures is 
> not *that* difficult, it may worth trying it, doesn't it ?

Oh, I think it's a great idea, I'm just not convinced that it'll suffice for
clearing the NEW processing delay.

- Matt

Attachment: signature.asc
Description: Digital signature

Reply to: