On Mon, Feb 21, 2005 at 08:23:52AM +0100, Pierre Habouzit wrote: > Le Lun 21 F?vrier 2005 00:16, Matthew Palmer a ?crit : > > NEW would still have to be processed by hand, though -- crypto > > notifications still need to be sent, and the protection provided by > > two crap developers working on a package isn't not that much better > > than one crap developer working on a package. > > I don't agree at all. > > multiple signature has to be used if you have really reviewed the > package. And as an XP freak, I guess you should know that cross-reading > is really good for code quality. I don't understand why it shouldn't be > the same for packages. Because there's no guarantee (or even real likelihood) that the two developers whose signatures appear on the package have sufficient Clue to be able to produce quality packages. Pair programming only works when both people are switched on and taking note of their surroundings. The ftpmasters are, in general, senior and clueful DDs, with a good knowledge of the likely high and low points of a package. > And since we quite all agree that managing multiple gpg signatures is > not *that* difficult, it may worth trying it, doesn't it ? Oh, I think it's a great idea, I'm just not convinced that it'll suffice for clearing the NEW processing delay. - Matt
Attachment:
signature.asc
Description: Digital signature