Re: "DM-Upload-Allowed: yes" hack (Was: Debian Maintainers GR Proposal, updated)
On Thu, Jun 28, 2007 at 12:18:31PM +0000, Lucas Nussbaum wrote:
> On 27/06/07 at 12:41 +0100, Anthony Towns wrote:
> > 5) The intial policy for the use of the Debian Maintainer keyring with the
> > Debian archive will be to accept uploads signed by a key in that keyring
> > provided:
> > [...]
> > * the Maintainer: field of the uploaded .changes file corresponds
> > with the owner of the key used (ie, non-developer maintainers
> > may not sponsor uploads)
> That sounds wrong.
> If I'm only listed as an Uploader for the package, I will only appear
> in the "Changed-By:" field, not in the "Maintainer:" field of the
> uploaded .changes.
Well, checking Changed-By: isn't right, that only tells you whose name is
in the top entry of debian/changelog.
In fact, on binary-only uploads (i.e., from buildds), the Maintainer:
field in .changes always corresponds to the builder/signer/uploader, not to
either the Maintainer: field in debian/control or to the name in
debian/changelog. Arguably, this requirement can be satisfied by any DM by
building with dpkg-buildpackage -m<maintaineraddress>
> Also, If a DM is allowed to upload a package, why wouldn't he/she be
> allowed to sponsor uploads for this package?
Well, effectively the DM /could/ sponsor uploads of their own package by
using -m, though that seems unnecessarily convoluted to me anyway.
And for other packages that they're not already a maintainer/uploader on,
the upload would be rejected on other grounds.
So perhaps this requirement is simply redundant and should be dropped, given
that .changes files can always be edited to suit and dpkg-buildpackage
provides options to do exactly that?
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.