Re: Developers vs Uploaders
Steve Langasek <vorlon@debian.org> wrote:
> There are good reasons for having the checks that we do in the NM queue; I
> don't think there's anything in there that should be cut out, being a full
> member of Debian does bring with it a lot of privilege and responsibility,
> and the process for deciding to grant those privileges should be pretty
> heavy-weight.
I disagree with the above. The *process* should be lightweight, so
that work is getting done on debian instead of the NM process. The
*testing* should be harsh, severe and - well - testing.
Changing the NM process from the current interrogation into something
more evidence- or portfolio-based is long overdue. Instead of testing
that people can read and write policy, we should test that people can
do key tasks. Sometimes this may be a dummy task, as not everything
can be done by everybody for real, but hopefully not too often.
However, I seem to recall that this is not a popular opinion yet.
> The question is, is there a way we can minimize the overhead of integrating
> contributions from folks who aren't (yet) DDs? Given what I see and hear
> from various sponsors, the review of sponsored uploads is already a joke;
> various sponsors already trust their sponsorees implicitly, so if there's
> already no real review happening, are we better off dispensing with the
> illusion?
The sponsors who have enough time to make such silly claims should be
spending more time checking their sponsorees packages! I wonder if
some of them are sponsoring because they think NM is needlessly slow,
rather than because they want to do a proper education/mentoring task.
Sponsoring is probably something that needs more guidance. Each
sponsor has their own habits and there's little to say what's the
best. Personally, I think the sponsor should appear in Uploaders
@debian.org to be obvious if it goes wrong, but I think others
disagreed last time I wrote that.
[...]
> Hmm. Who's responsible if a DD uploads malware?
Unless there is extreme collusion or negligence, I would expect the DD
to be held responsible, as there are clear project policies against it
and oversight by the project that might detect it.
Regards,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Webmaster/web developer, statistician, sysadmin, online shop maker,
developer of koha, debian, gobo, gnustep, various mail and web s/w.
Workers co-op @ Weston-super-Mare, Somerset http://www.ttllp.co.uk/
Reply to: