Re: Non-DDs as official Debian package maintainers
- To: firstname.lastname@example.org
- Subject: Re: Non-DDs as official Debian package maintainers
- From: Jonas Smedegaard <email@example.com>
- Date: Wed, 21 Sep 2005 22:24:36 +0200
- Message-id: <firstname.lastname@example.org>
- In-reply-to: <E1EIA8gemail@example.com>
- References: <firstname.lastname@example.org> <20050920201158.GB9375@squee.verizon.net> <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org> <E1EIA8gemail@example.com>
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 21 Sep 2005 20:20:18 +0100
MJ Ray <firstname.lastname@example.org> wrote:
> Jonas Smedegaard <email@example.com> wrote:
> > [...] and found in one of the bugreports for the package
> > the comment "i'm searching for a sponsor for the new revision."
> Perhaps a sponsor who does not intend to sponsor the package
> any more should open a "RFS" bug in WNPP? No package should
> be introduced to the archive by a one-upload sponsor.
...and how do I locate the sponsor(s) after loosing interest in the
package but before a new sponsoring deal is setup?
Tools like qa.debian.org tracks maintainers, not "signers". So for each
package I believe I must find the package in packages.qa.debian.org,
pick the upload message, decipher the GPG signature... Right?
So if I want to avoid all the crap developer Foo blindly uploaded if I
stumble across a badly sponsored package, how do I get such list?
My point is our tools are geared towards packages, package maintainers,
package pools and distribution releases - but not sponsors.
And I believe that to be sane: While sponsoring, the sponsor takes the
responsibility that the non-DD cannot. So that responsibility is what
we want noted in the maintainer field.
> > A requirement that the Maintainer field always either matches an
> > entry in the Debian keyring or the email ends in "@debian.org" [...]
> I am flatly against this. It should be enough that Uploaders
> are listed.
Why? Please elaborate.
> > "Uh, but then the non-DD can't prove the skills of packaging for the
> > NM-process," I hear you say. No - just have the non-DD write
> > separate changelog entries so that it is obvious what parts of the
> > work you did and the non-DD did. You should do that anyway!
> If you are given a version to sponsor and it doesn't pass OK, you
> should tell the maintainer what bugs need fixing. If you're going
> to work on it anyway, aren't the two of you co-maintainers
> rather than sponsor and maintainer?
Co-maintainance can also prove packaging skills if properly documented,
It is irrelevant for me if it is called sponsoring, mentoring,
coaching, co-maintainance or whatever. My point is that while not an
official Debian Developer there are some things we don't trust you to
do. And to me it seems logical that one who (is able to) take
responsibily is tagged as such.
To me "maintain" means adjust the software for use within Debian. It
might mean rewrite parts of the upstream code, or it might mean just
running lintian against it from time to time. Whatever it takes, it
always includes declaring responsibility to the Debian community for the
way this software works with Debian.
Openoffice.org developers are responsible for how OpenOffice works, and
da.openoffice.org developers are responsible for how the danish
translated openoffice works. But for Debian, we make our own binaries -
sometimes closely matching upstream and sometimes not. That is our
responsibility - and if nothing else it is our task to forward all bugs
and complaints, and convince upstream that the trouble is theirs to
KDE makes Debian packages of their software. But if their packages gets
into Debian I want to know who _within_ _Debian_ has decided that we
want to go with their choice of library versions, recommends and
suggests, instead of something else.
> If you want to forbid sponsorship, then there are arguments for
> that, but I think it's a change to how we teach at present and
> debian would be the poorer for it. Please debate that change
> directly, rather than dressing it up as "only DDs should be
> credited as maintainers and DDs must take all responsibility".
I don't want to forbid sponsoring. I want to be able to see who is
responsible for each package.
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----