[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Limited upload rights for NMs GR Proposal

Hash: SHA1

[Same proposal, this time signed.]


Since I don't agree that we don't need a new class of contributors but
very much like the idea to grant some of the proposed DM rights to New
Maintainers after a certain point in their NM career, I propose a
different solution.

The idea is to grant NMs limited upload rights after they're certified
"almost DDs", in a stage where they usually just have to wait (quiet
long) for their AM-report, FD and DAM.

I think the best point is when the AM confirmed that they have passed
all the tests but hasn't yet written the report. After the AM thinks his
applicant has successfully passed all tests, the AM can upload the NM's
key to a new NM-keyring which will enable the new limited upload rights
to the NM.

The keyring maintainers, FD and DAM still have a veto right remove the
applicant again which does not necessarily imply that the NM himself is
rejected. AMs are only allowed to add or remove their own applicants to
the keyring.

Please comment, send patches or second.


The Debian Projects grants limited upload rights to New Maintainers
after their Application Manager (AM):

  * confirmed that the New Maintainer successfully passed the ID-, T&S-
    and P&P check
  * added the New Maintainer's key to the New Maintainer Keyring

If one of the following instances (currently DAM and FD) decides that
the AM's report was incomplete or reject the New Maintainer for other
reasons, the New Maintainer will immediately lose the limited upload
rights until an application manager recommends him again to to DAM.

The following instances have also the right to revoke the limited upload
rights without rejecting the New Maintainer.

The limited upload rights are defined below:

  * none of the uploaded packages are NEW
  * the Maintainer: field of the uploaded .changes file corresponds with
    the owner of the key used (ie, non-developer maintainers may not
    sponsor uploads)
  * none of the packages are being taken over from other source packages
  * the most recent version of the package uploaded to unstable or
    experimental lists the uploader in the Maintainer: or Uploaders:
    fields (ie, non-developer maintainers cannot NMU or hijack packages)

A new keyring will be created, called the "New Maintainer Keyring". It
will be maintained by:

  * the Debian Account Managers
  * the New-maintainer Front Desk
  * the Debian Keyring Maintainers
  * the Application Managers

Application Managers have access to the NM-keyring, but are expected to
add/remove keys of their own New Maintainer applicants only.

The keyring will be packaged for Debian, and regularly uploaded
to unstable.




- --
Bastian Venthur                                      http://venthur.de
Debian Developer                                 venthur at debian org

Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: