Re: Reforming the NM process
* Raphael Hertzog <firstname.lastname@example.org> [060412 08:39]:
> On Wed, 12 Apr 2006, Bernhard R. Link wrote:
> > Isn't this almost equivalent of giving them their Account directly
> > and ask them to get any new package reviewed by someone else?
> > (As there is nothing to avoid their build rules or maintainer scripts to
> > do dangerous stuff, so from the risk-view this is almost a account
> > on every buildd and a root account on every machine installing new
> > versions of that package).
> That's true except that I hope that someone won't get upload rights after their
> very first sponsored uploads. The DD should give upload rights to the contributor
> *only* after several sponsored upload that went well.
That's only true as long as there are still sponsored uploads possible.
(Which for example aj suggested to abolish in his blog about this topic,
if I correctly understand it). There could be some
> If after that, the maintainer abuses his rights and introduces malicious
> code, we'll remove his abilities as soon as discovered and he will never
> be able to apply again.
So why not give a full account directly (assuming it is after
identification and philosophy and procedures, giving anyone any upload
rights before that is a absolute no-go in my eyes)?
> > Plus sponsoring is a nice way to have experienced people look at what
> > a applicant is doing. If done seriously sponsoring is almost as much work
> > as packaging a package on your own, but that is true for every
> > teaching by letting do and looking over it.
> Indeed, but in fact, when a DD sponsors someone, he carefully checks the
> 2-3 first uploads and then only does a superficial review... and it's not
> a big deal as long as the applicant is responsive and correct bugs as they
> get submitted.
In my experience later uploads seldom include major changes in the
packaging, so reviewing what changed is not that much work.
Bernhard R. Link