Re: Reforming the NM process
On Wed, 12 Apr 2006, Bernhard R. Link wrote:
> > That's true except that I hope that someone won't get upload rights after their
> > very first sponsored uploads. The DD should give upload rights to the contributor
> > *only* after several sponsored upload that went well.
> That's only true as long as there are still sponsored uploads possible.
> (Which for example aj suggested to abolish in his blog about this topic,
> if I correctly understand it). There could be some
Sponsored uploads are still possible... but the person signing the
.changes is the one that must be listed in the changelog so the sponsored
upload would be done this way:
* Sponsoring upload for <applicant name>
* <list of changes>
-- Raphael Hertzog <email@example.com> ...
I don't think the DM concept should end the sponsorship idea. But I do
like to have a clear indication in the changelog of who sponsored who.
It's a pain to have to use gpg to discover who sponsored the upload.
> > If after that, the maintainer abuses his rights and introduces malicious
> > code, we'll remove his abilities as soon as discovered and he will never
> > be able to apply again.
> So why not give a full account directly (assuming it is after
> identification and philosophy and procedures, giving anyone any upload
> rights before that is a absolute no-go in my eyes)?
Because complete trust is only achieved once the NM process is over and
once some time has elapsed.
I believe many people would be happy with the right to upload only some
specific packages. I know for example a TeX expert who'd like to
maintaine some TeX-related packages but who doesn't want to become full DD
because he is not interested in NMU, in fixing other packages or
anything else. He uses Debian, he is skilled enough to
maintain a simple package that already exists and that would be otherwise
oprhaned and dropped, and is intelligent enough to know where to ask for
help in case they need some.
He fits perfectly in the "Debian Maintainer" scheme proposed by aj.
> > Indeed, but in fact, when a DD sponsors someone, he carefully checks the
> > 2-3 first uploads and then only does a superficial review... and it's not
> > a big deal as long as the applicant is responsive and correct bugs as they
> > get submitted.
> In my experience later uploads seldom include major changes in the
> packaging, so reviewing what changed is not that much work.
Except when you have a new upstream version where you should download the
upstream tarball and check that it's the same that has been submitted by
the applicant... who does that every time ?
Premier livre français sur Debian GNU/Linux :