On Saturday 28 July 2007, Wouter Verhelst wrote: > On Fri, Jul 27, 2007 at 08:48:26PM +0200, cobaco (aka Bart Cornelis) wrote: > > Essentially the proposal allows non-DD maintainers (we have 900+, see > > the thread starting at [1] for details) to upload their own packages IF > > AND ONLY IF their sponsor has indicated agreement with that by having > > added the "DM-Upload-Allowed: yes" in the control file of the previous > > upload. > > Actually, no. The proposal states that a DM can upload their own > packages, and that any maintainer can allow DM NMUs by adding that field > to the control file. <quote proposal=http://www.debian.org/vote/2007/vote_003> The initial policy for the use of the Debian Maintainer keyring with the Debian archive will be to accept uploads signed by a key in that keyring provided: 1) none of the uploaded packages are NEW 2) the Maintainer: field of the uploaded .changes file corresponds with the owner of the key used (ie, non-developer maintainers may not sponsor uploads) 3) none of the packages are being taken over from other source packages 4) the most recent version of the package uploaded to unstable or experimental includes the field "DM-Upload-Allowed: yes" in the source section of its control file 5) the most recent version of the package uploaded to unstable or experimental lists the uploader in the Maintainer: or Uploaders: fields (ie, non-developer maintainers cannot NMU or hijack packages) 6) the usual checks applied to uploads from Debian developers pass </quote> from 4) above follows that they can't just upload all their packages by default, every package needs to have been previously white-listed for upload by a DD (ok, so sponsor was a bid to narrow, but since every DD can sponsor any new upload by a non-DD maintainer if he wants it amounts to the same thing) and 5) explicitly says that DMs can't NMU -- Cheers, cobaco (aka Bart Cornelis)
Attachment:
signature.asc
Description: This is a digitally signed message part.