[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Developers vs Uploaders

Steve Langasek <vorlon@debian.org> wrote:
> There are good reasons for having the checks that we do in the NM queue; I
> don't think there's anything in there that should be cut out, being a full
> member of Debian does bring with it a lot of privilege and responsibility,
> and the process for deciding to grant those privileges should be pretty
> heavy-weight.

I disagree with the above.  The *process* should be lightweight, so
that work is getting done on debian instead of the NM process.  The
*testing* should be harsh, severe and - well - testing.

Changing the NM process from the current interrogation into something
more evidence- or portfolio-based is long overdue. Instead of testing
that people can read and write policy, we should test that people can
do key tasks.  Sometimes this may be a dummy task, as not everything
can be done by everybody for real, but hopefully not too often.

However, I seem to recall that this is not a popular opinion yet.

> The question is, is there a way we can minimize the overhead of integrating
> contributions from folks who aren't (yet) DDs?  Given what I see and hear
> from various sponsors, the review of sponsored uploads is already a joke;
> various sponsors already trust their sponsorees implicitly, so if there's
> already no real review happening, are we better off dispensing with the
> illusion?

The sponsors who have enough time to make such silly claims should be
spending more time checking their sponsorees packages!  I wonder if
some of them are sponsoring because they think NM is needlessly slow,
rather than because they want to do a proper education/mentoring task.

Sponsoring is probably something that needs more guidance.  Each
sponsor has their own habits and there's little to say what's the
best. Personally, I think the sponsor should appear in Uploaders
@debian.org to be obvious if it goes wrong, but I think others
disagreed last time I wrote that.

> Hmm.  Who's responsible if a DD uploads malware?

Unless there is extreme collusion or negligence, I would expect the DD
to be held responsible, as there are clear project policies against it
and oversight by the project that might detect it.

MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Webmaster/web developer, statistician, sysadmin, online shop maker,
developer of koha, debian, gobo, gnustep, various mail and web s/w.
Workers co-op @ Weston-super-Mare, Somerset http://www.ttllp.co.uk/

Reply to: