[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Maintainers

On Thu, May 31, 2007 at 06:37:53PM +1000, Anthony Towns wrote:
> First, the "Debian Maintainers" concept
> [..]
> I think the process should involve:
> 	- automated application process

This shouldn't be tricky.
Some webpage where the applicant applies and then they point some developers
at a page so that they can recommend/advocate him to be a DM.  Very similar
to nm.debian.org advocate bits.

e.g. https://nm.debian.org/nmadvocate.php?email=hgjghj%40hotmail.com
(which I presume is a fake application for NM but still)

The applicant would provide their keyid, email, name etc.

I think technically this is easy but we need to define who can advocate and
how much contact with the potential DM is needed (see below).

> 	- as close as feasible to automated keyring maintenance

jetring exists and was pretty much designed with this in mind so this should
be easy.

The format for the changesets so far seems to be:

Changed-By: Anthony Towns <ajt@debian.org>
Comment: adding holger as debian-maintainer
Date: Mon, 26 Feb 2007 18:25:59 +1000
  ajt - http://lists.debian.org/debian-newmaint/2007/01/msg00037.html
  kaol - http://lists.debian.org/debian-newmaint/2007/01/msg00038.html
  Receiving and checking key
  pub   1024D/AC583520 2004-05-18
        Key fingerprint = 480E 51BA FB08 CB41 75CC  91B1 5072 D036 AC58 3520
  uid                  Holger Levsen <holger@layer-acht.org>
NM-Page: https://nm.debian.org/nmstatus.php?email=debian%40layer-acht.org
Action: import

> 	- minimal requirements: gpg keyring signed by either one or two
> 	  developers, recommendation by a developer,

We have keycheck.sh [0] already (and it's already used in the above

I think we want some standardised form of recommendations from developers.

How about asking:
	You're receiving this mail because you said you would recommend:
	  Applicant: Joe Bloggs <joe.bloggs@example.org>
	to be a Debian Maintainer, that is to get a key in the DM keyring
	and be allowed to upload packages to the archive.  As this is a
	privileged position, we'd ask that you only recommend people who
	deserve it and that you take the time to fill out the questions

	Be sure to sign this mail with your GPG key.
	- Is the applicant in NM?
	- If yes, are you their AM?
	- Have you sponsored packages into the archive for this applicant
	  (if so describe the quality of the work and the amount/frequency
	  of contributions)?
	- Have you worked on a packaging team for this applicant (if so
	  describe the quality of the work and the amount/frequency of
	- Have you reviewed other work for this applicant (if so describe

The responses are easy to collate and would be sent to some debian mailing
list to form the Advocate: bit of the gpg changeset above.

>	  use of existing fields such as "Maintainer:" and "Uploaders:" to
>	  control access, no provision for uploaders to do NMUs or upload
>	  NEW packages etc

aj, you're probably best placed to talk about how easy it is to implement
the dak changes needed.

> 	- policies developed by consensus and implemented individually by
> 	  developers, in a similar manner to policies for sponsored
> 	  uploads at present, rather than an individual or group setting
> 	  policy or approving applications (like DAM or NEW processing)

It may be hard to come to an agreement on who qualifies but I'd suggest:
	- anyone who is all the way through NM (i.e. after the AM report has
	  been checked by Front Desk) and applies would qualify almost
	  automatically given they can get a couple of developers to sign
	  off the above recommendations.
	- anyone that is strongly recommended by at least 2 developers who
	  have sponsored in packages for the applicant should be allowed
	  into the DM keyring.
	- anyone that is strongly recommended by at least 2 developers who
	  have worked with the applicant on a packaging team and have seen
	  the quality of their commits should be allowed into the DM
	- or some combination of the above.

Does there need to be a period of time for the work?  3 months of
sponsorship/working with the applicant?  Less?  We don't want to put people
off but we need to trust them to a certain extent.

If it were easy for, say, any 2 developers to get an applicant removed
from the DM keyring by sending signed messages in then it would be easy
to lower the bar to applicants.

I'm not sure about other work that might qualify.  Since we're only talking
about the ability to upload it seems to make sense to restrict the
qualification to packaging work.



[0] http://alioth.debian.org/plugins/scmcvs/cvsweb.php/templates/keycheck.sh?cvsroot=nm-templates

oOoOo  "1 girl was just abducted." - Mulder "Kidnapped." - Scully  oOoOo
 oOoOo                "Potato, potato.." - Mulder                 oOoOo
  oOoOo                                                          oOoOo

Attachment: signature.asc
Description: Digital signature

Reply to: