Re: apt 0.6 and how it does *not* solve the problem
Russell Coker <email@example.com> writes:
> Removing developers who don't meet certain criteria (EG no package
> uploads for 6 months) from active status makes a lot of sense.
> Anyone care to propose a GR?
Careful about terminology here. I wouldn't say "remove", just we drop
them from the list of signatures. They are still Debian developers.
When a developer uploads who has been dropped from the list, maybe
some kind of active authentication process can take place. That is,
this is the point for human intervention.
Also, we don't need a GR. This is technical! :) It's a matter,
ultimately, for the apt team, in theory, but really, some sort of
general agreement including the security team, technical committee,
and the DPL is what I would suggest. A GR is not needed.