[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Orphaning php-codesniffer, then take it over by the PHP PEAR team

On Thursday 31 May 2012 16:15:31 Jonas Smedegaard wrote:
> [dropping PHP Pear team as cc]
> On 12-05-31 at 03:16pm, George Danchev wrote:
> > On Thursday 31 May 2012 11:47:21 Jonas Smedegaard wrote:
> > > > You and a lot of others fail to realize that the *SPONSOR* is
> > > > responsible for the package.
> > > 
> > > Huh?!?
> > > 
> > > What does "Maintainer:" mean if not the entity being responsible
> > > for, well, maintaining?!?
> > 
> > Who is responsible for the package maintenance in the case where a
> > non-DD is listed in "Maintainer:", and the package is obviosuly signed
> > and uploaded (effectively sponsored) by a DD? I guess it is perfectly
> > reasonable to expect that DD, being in the role of sponsor, is
> > responsible for the package quality and further maintenance. Sponsors
> > are full-fledged DDs, and trying to claim that they are not
> > responsible, or are somehow less responsible than any other
> > non-sponsoring DDs, for the uploads they have done, is obviously plain
> > wrong.
> You avoided my question, it seems: What does "Maintainer:" mean, then?

What does "Uploaders:" field mean?

> Seems to me that for sponsored packages the Maintainer field is a joke!

The gpg signature applied to the upload is not a joke, at all.

> Seems to me that for sponsored packages we need access to ftp logfiles
> to resolve who is responsible for maintaining the package.

Then, please, allow me to introduce you to the 'who-uploads' utility.

> I find both of those plain wrong.  Possibly obviously and maybe even
> hilariously simple, but wrong nonetheless.

Nothing is wrong with the control fields and the gpg signatures applied to the 
uploads actually.

pub 4096R/0E4BD0AB <people.fccf.net/danchev/key pgp.mit.edu>

Reply to: