Re: Reforming the NM process
On Wed, 12 Apr 2006, Bernhard R. Link wrote:
> Isn't this almost equivalent of giving them their Account directly
> and ask them to get any new package reviewed by someone else?
> (As there is nothing to avoid their build rules or maintainer scripts to
> do dangerous stuff, so from the risk-view this is almost a account
> on every buildd and a root account on every machine installing new
> versions of that package).
That's true except that I hope that someone won't get upload rights after their
very first sponsored uploads. The DD should give upload rights to the contributor
*only* after several sponsored upload that went well.
If after that, the maintainer abuses his rights and introduces malicious
code, we'll remove his abilities as soon as discovered and he will never
be able to apply again.
> Plus sponsoring is a nice way to have experienced people look at what
> a applicant is doing. If done seriously sponsoring is almost as much work
> as packaging a package on your own, but that is true for every
> teaching by letting do and looking over it.
Indeed, but in fact, when a DD sponsors someone, he carefully checks the
2-3 first uploads and then only does a superficial review... and it's not
a big deal as long as the applicant is responsive and correct bugs as they
Premier livre français sur Debian GNU/Linux :