[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reforming the NM process

On 12 Apr 2006, Panu Kalliokoski said:

> (Please CC me on replies as I'm not subscribing the list.)

        If you set Mail-Folllowup-To: atehwa@sange.fi, you would be
 assured of such a CC from my MUA. I often do not catch such requests
 in the body of the mail.

> The central problem and the only justification for the current
> procedures is that of establishing trust.  I just fail to see why we
> trust our packagers _less_ than the upstreams they are packaging
> for.

        We don't. Every package I have packaged, I have skimmed
 through the source code (needed anyway to assure myself I can help
 fix bugs and aid in development), and run the application is a
 secure, highly audited sandbox, and onlyu then do I upload.  I know
 od at least one package that is not packaged since we do not trust
 the upstream.

> I doubt many of those pieces of software ever receive the close
> scrutiny that the packaging work does.

        This should not be true.

> Furthermore, it seems unfair that NM's have more stringent
> requirements than existing DD's.

        Presumably, since DD's have passsed NM P&P at some point.

> For instance, for voting, I think the process of establishing the
> identity of one's PGP key should be enough.  If Debian wants to
> continue as a technical meritocracy, the votes could be weighed with
> the "amount of contribution" that person has done for Debian.

        The weights, currently, are 0, and 1.0.

In Mexico we have a word for sushi: bait. Josi Simon
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: