Re: The Debian Maintainers GR



On Thu, Aug 02, 2007 at 08:12:09AM +0200, Bart Martens wrote:
> Some parts feel very obvious to me.  Am I missing something?

In short: try scripting it.

> On Thu, 2007-08-02 at 14:38 +1000, Anthony Towns wrote:
> > At present, how do you find packages that have been packaged by non-DDs
> > and uploaded with the minimal checks by a DD in order to review them,
> > or just get a sense of how common it is?
> The non-DD packager is identified by the "Maintainer:" field, and the
> sponsor is identified by the signature.

DD packages are identified by the maintainer field too, which doesn't
always match up to their debian.org email address (aba@not.so.argh.org,
eg) or their name in db.debian.org (MJ Ray vs M J Ray, eg).

That stops you from being easily able to review who's being sponsored and
who's doing the sponsoring; and that it's all collated together stops you
from being able to tell which sponsored maintainers are highly trusted
by their sponsors and which need extensive review for each upload.

> > At present, if you find someone doing a poor job as a non-DD maintainer
> > or as a sponsor, and they reject suggestions on how to do better, what
> > recourse do you have?
> Suspending the upload right of the sponsor until the sponsor agrees to
> do better.

Which affects not only the sponsored maintainer's packages, but every
other person that developer sponsors, and that developer's own packages.

> Without DMs, if you can get other DDs to agree with your analysis, you
> can pass it on to the DPL and have the sponsor's ability to upload
> suspended, or provide evidence that stricter procedures for sponsoring
> are necessary.

That's something _very_ rarely done. It's been considered in three
cases, ttbomk:

	1. August 2003, jfs@debian.org's NMU privs revoked for a few months
	   for being trigger happy on 0-day NMUs

	2. May 2005, branden@ (as XSF member) requested daniels@'s
	   ability to upload X packages be blocked, based on his hijack
	   of xrender. That was declined given it appeared to be a one-off
	   instance, and was resolved by re-uploading the previous version.

	3. October 2006, all uploads for arm were blocked, which was then
	   reduced to binary only uploads from non-buildd maintainers for
	   arm being blocked, after an unofficial autobuilder was set up,
	   without consultation. That was overruled by GR.

None of those were initiated by the DPL per se -- Branden was DPL at the
time of (2), but was explicitly not using any of the DPL's authority;
and likewise for me and (3).

More particularly, it's only ever been attempted for blocking
non-maintainer uploads -- so that the maintainer's work isn't unduly
interfered with. Blocking the maintainer (or the maintainer's sponsor)
from uploading is a whole different ballgame.

So in short, my opinion right now to a request like that would be "no
way!".

> > At the moment, it's not possible to review if sponsors and non-DD
> > maintainers are doing a good or a bad job on average, and it's at best
> > difficult even in specific cases. With the DM process as proposed, that
> > becomes much easier
> Anyone interested can make an overview of non-DD packagers and their
> maintainers by scanning the "Maintainer:" fields and the package
> signatures.

Again, how? Seriously -- please demonstrate.

> > : there's a public record of who's advocating who
> There's currently a public record of who's sponsoring who.

It's possible to create a record of who's sponsoring who by using public
information; it's not remotely easy though.

> > and there's
> > the ability for negative reviews to actually result in some action.
> No, DM's mistakes will already be in unstable and testing before
> negative reviews by DDs are possible.

Uh, there's a delay before packages get into testing so that negative
reviews against unstable can be taken into account.

And, well, unstable is meant to have problems now and then, that's what
it's designed for.

> With sponsoring the negative
> reviews by DDs happen before uploading to unstable.

One round of them might, but they certainly don't all happen
beforehand. And there are clear cases where that's no longer a good use
of anyone's time, such as Pierre described:

    http://lists.debian.org/debian-project/2007/03/msg00103.html

> Also, I think that a quick win could be to stop using the term "non-DD",
> and instead calling all contributors "Debian Contributor" (DC).

Where I'm using the term "non-DD" it's because what I'm saying about them
doesn't apply to DDs anyway. Saying "DC" instead of "non-DD maintainer"
would be wrong in such cases, because DDs are DCs too.

> The term "non-DD" sounds negative, almost insulting.  

I really don't understand why people think that. Linus Torvalds, Richard
Stallman, Andrew Tridgell and Eben Moglen aren't DDs; what's so bad
about being lumped in with that crowd?

Cheers,
aj