[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On the "Debian Maintainers" GR

On Saturday 28 July 2007, Wouter Verhelst wrote:
> On Fri, Jul 27, 2007 at 08:48:26PM +0200, cobaco (aka Bart Cornelis) 
> > Essentially the proposal allows non-DD maintainers (we have 900+, see
> > the thread starting at [1] for details) to upload their own packages IF
> > AND ONLY IF their sponsor has indicated agreement with that by having
> > added the "DM-Upload-Allowed: yes" in the control file of the previous
> > upload.
> Actually, no. The proposal states that a DM can upload their own
> packages, and that any maintainer can allow DM NMUs by adding that field
> to the control file.

<quote proposal=http://www.debian.org/vote/2007/vote_003>
The initial policy for the use of the Debian Maintainer keyring with the 
Debian archive will be to accept uploads signed by a key in that keyring 
1) none of the uploaded packages are NEW 
2) the Maintainer: field of the uploaded .changes file corresponds with the
  owner of the key used (ie, non-developer maintainers may not sponsor
3) none of the packages are being taken over from other source packages 
4) the most recent version of the package uploaded to unstable or
  experimental includes the field "DM-Upload-Allowed: yes" in the source
  section of its control file 
5) the most recent version of the package uploaded to unstable or
  experimental lists the uploader in the Maintainer: or Uploaders: fields
  (ie, non-developer maintainers cannot NMU or hijack packages) 
6) the usual checks applied to uploads from Debian developers pass

from 4) above follows that they can't just upload all their packages by 
default, every package needs to have been previously white-listed for 
upload by a DD (ok, so sponsor was a bid to narrow, but since every DD can 
sponsor any new upload by a non-DD maintainer if he wants it amounts to the 
same thing)

and 5) explicitly says that DMs can't NMU

Cheers, cobaco (aka Bart Cornelis)

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: