Re: Developers vs Uploaders
Steve Langasek <email@example.com> wrote:
> There are good reasons for having the checks that we do in the NM queue; I
> don't think there's anything in there that should be cut out, being a full
> member of Debian does bring with it a lot of privilege and responsibility,
> and the process for deciding to grant those privileges should be pretty
I disagree with the above. The *process* should be lightweight, so
that work is getting done on debian instead of the NM process. The
*testing* should be harsh, severe and - well - testing.
Changing the NM process from the current interrogation into something
more evidence- or portfolio-based is long overdue. Instead of testing
that people can read and write policy, we should test that people can
do key tasks. Sometimes this may be a dummy task, as not everything
can be done by everybody for real, but hopefully not too often.
However, I seem to recall that this is not a popular opinion yet.
> The question is, is there a way we can minimize the overhead of integrating
> contributions from folks who aren't (yet) DDs? Given what I see and hear
> from various sponsors, the review of sponsored uploads is already a joke;
> various sponsors already trust their sponsorees implicitly, so if there's
> already no real review happening, are we better off dispensing with the
The sponsors who have enough time to make such silly claims should be
spending more time checking their sponsorees packages! I wonder if
some of them are sponsoring because they think NM is needlessly slow,
rather than because they want to do a proper education/mentoring task.
Sponsoring is probably something that needs more guidance. Each
sponsor has their own habits and there's little to say what's the
best. Personally, I think the sponsor should appear in Uploaders
@debian.org to be obvious if it goes wrong, but I think others
disagreed last time I wrote that.
> Hmm. Who's responsible if a DD uploads malware?
Unless there is extreme collusion or negligence, I would expect the DD
to be held responsible, as there are clear project policies against it
and oversight by the project that might detect it.
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Webmaster/web developer, statistician, sysadmin, online shop maker,
developer of koha, debian, gobo, gnustep, various mail and web s/w.
Workers co-op @ Weston-super-Mare, Somerset http://www.ttllp.co.uk/