Re: Developers vs Uploaders
Hi,
On Thu, 15 Mar 2007, Anthony Towns wrote:
> Over the past few weeks, after Joey Hess created the jetring keyring
> management tool from whole cloth [0], I've been poking at changing dak
> to support a "maintainers" keyring [1] so that we can make it possible for
> people who want to work on just one or two packages able to do exactly
> that. I think that's at a point that I'm happy with now, so ftpmaster
> now effectively has the ability to:
>
> a) add a third keyring for people allowed to upload to the archive,
> (in addition to debian-keyring.{gpg,pgp}) that contains keys for
> "maintainers" and is managed separately to the developer keyring
>
> b) restrict certain uploaders from sponsoring packages
> (ie, giving signing a .changes file that claims to be made by
> someone else) and from doing NMUs (ie, uploading a package that's
> maintained by someone else and that they're not listed as an
> Uploader for, or anything that needs NEW or BYHAND processing)
If the "Debian maintainer" uploads a package changing the
Maintainer/Uploaders field to his own name, what happens ?
IMO it should fail. They shouldn't have the right to mark themselves
as maintainers/uploaders from random packages. This operation must be done
by a DD.
Cheers,
--
Raphaël Hertzog
Premier livre français sur Debian GNU/Linux :
http://www.ouaza.com/livre/admin-debian/
Reply to: