On Sat, Nov 24, 2007 at 11:22:52PM +0530, Ramakrishnan Muthukrishnan wrote: > [I did not recieve the original email addressed to me by aj, so I am > literally "reading between the lines" to digest the original message] It was sent to your @d.o address, and is in the list archives at: http://lists.debian.org/debian-project/2007/11/msg00145.html > >> Ramakrishnan, how did your sponsorship checking miss both this error > >> and the RC bug (442093) the previous upload introduced by the i386 > >> binary's absence? > I have tried to catch and feed the lintian and linda errors back to > Kartik all the time. I really don't know how I missed it. Well, it was overriden, so unless you'd use lintian with --show-overrides, it wouldn't've shown up. > If I remember right, I did an upload of this package only once. You sponsored both the 0.4-1 and 0.4-2 uploads according to the signatures on the .changes files . AFAICS, there were three places where, as sponsor, you could have picked this issue up: - in the 0.4-1 upload, you should have found that the program didn't work at all after being built, ie spotted Bug#442093 prior to uploading; working more closely with Kartik in solving that bug might have avoided including abs_fdisk at all - in the 0.4-2 upload, you should've seen the changelog entry "added abs_fdisk binary" and wondered why a "binary" was being added to an arch:all package. Or why it wasn't using fdisk from util-linux. - in the 0.4-2 upload, you might've looked at the debdiff against 0.4-1 and noticed the addition of the debian/lintian.override file containing: linhdd: arch-independent-package-contains-binary-or-object ./usr/bin/abs_fdisk and asked what was going on. > Please go ahead with my upload rights removal and also removal from > debian keyring, if you judje people by just one of their actions. In this case it's inaction, and it'd be better if you'd acknowledge the problem and do what you can to avoid it in future. From the above, it seems like when sponsoring packages you're not always: - testing to see if they work - reviewing the changelog with an eye for problems - running debdiff to see if anything looks odd - agreeing to sponsor packages only when you've got time to review them That's only my inference from the results though; maybe you are doing some or all of the above normally, and just slipped up this time. Or maybe you have some other technique to catch problems that makes more sense than the above? Removal of your upload rights is one way of avoiding this mistake in future, but there are lots of other sponsors who could make the same mistake, and given you sponsor other things, it has a lot of collateral damage... Cheers, aj  ajt@merkel:/srv/ftp.debian.org/queue/done$ gpgv \ --keyring /srv/keyring.debian.org/keyrings/debian-keyring.gpg \ 2007/09/06/linhdd_0.4-1_amd64.changes gpgv: Signature made Thu Sep 6 11:01:25 2007 MDT using DSA key ID 6A9F3C38 gpgv: Good signature from "Ramakrishnan M <email@example.com>" ... ajt@merkel:/srv/ftp.debian.org/queue/done$ gpgv \ --keyring /srv/keyring.debian.org/keyrings/debian-keyring.gpg \ 2007/09/19/linhdd_0.4-2_amd64.changes gpgv: Signature made Wed Sep 19 10:19:22 2007 MDT using DSA key ID 6A9F3C38 gpgv: Good signature from "Ramakrishnan M <firstname.lastname@example.org>" ...
Description: Digital signature