Re: Developers vs Uploaders

On Wed, Mar 14, 2007 at 08:50:06PM +0100, Bastian Venthur wrote:
> Anthony Towns wrote:
> > My theory is that we should do something like this:

> >      1) create a class of contributors called "debian maintainers"

> My first thought: do we really need this new class of contributors? I
> mean how many people do you currently know fitting in this category
> (don't like to become DD just maintainers). I guess there will be some,
> but I think the amount of people should be high enough to legitimate
> such a big change in our infrastructure.

There is a general current of sentiment that the NM process takes too long,
and we as a project are losing out on valuable potential contributions from
competent folks who are "stuck" in the queue.

There are good reasons for having the checks that we do in the NM queue; I
don't think there's anything in there that should be cut out.  Being a full
member of Debian does bring with it a lot of privilege and responsibility,
and the process for deciding to grant those privileges should be pretty

The question is, is there a way we can minimize the overhead of integrating
contributions from folks who aren't (yet) DDs?  Given what I see and hear
from various sponsors, the review of sponsored uploads is already a joke;
various sponsors already trust their sponsorees implicitly, so if there's
already no real review happening, are we better off dispensing with the

The obvious con to such a system is that it means we will have uploads from
(less experienced) maintainers who have not gone through the full NM
process.  The possible pros are a more limber process that lets everyone
(NMs and DDs alike) focus on accomplishing things instead of having to focus
on the process, keeping momentum up, and so forth.  The big
(hard-to-quantify) unknown is whether this would have a positive or negative
effect on overall distribution quality...

> Who is responsible if a maintainer uploads malware, the one who
> recommended him? Can we really expect those DDs to take full
> responsibility if they aren't forced to check every package like they
> currently have to do when sponsoring?

Hmm.  Who's responsible if a DD uploads malware?

