[Pkg-privacy-maintainers] New upstream release of MAT

intrigeri intrigeri at debian.org
Fri Jan 1 10:16:24 UTC 2016 

Hi,

[Cc'ing the upstream lead developer, because the workflow changes that
are going on may impact upstream workflow.]

Sascha Steinbiss wrote (31 Dec 2015 18:39:34 GMT) :
> I have updated MAT to the newest upstream version, 0.6.

Excellent! :)

> Is it OK for anyone to just
> push such updates to Alioth and ping the mailing list for sponsoring afterwards?

As far as I'm concerned, it's totally fine this way. Please go ahead!

> I made sure to
> also fetch the changes in upstream’s git history and used gbp-import-orig’s
> '--upstream-vcs-tag’ option to link to their release tag, as advised earlier
> by intrigeri.

I'm very thankful that you did it, I find it very useful in particular
due to the strong links between the MAT upstream project, the Tails
project, and Debian's pkg-privacy.

Let me provide a bit more context wrt. the MAT project, and the role
I've been playing so far: upstream has no peer-review process in place
as it is essentially a one-man project; for various reasons, and
perhaps due to mixing up too many hats, for years I've kinda been the
3rd and 4th eyes that look at the upstream code changes before they
land into Debian. I often do so regularly when I see activity in
upstream's Redmine, and worst case I've been doing it before importing
a new upstream release.

Now that more people take care of this package, I'm not necessarily in
the way anymore. This is a very good thing: too many things are
blocking on me, both in Debian and elsewhere. Thanks!

It also brings the risk, however, that new MAT code lands into Debian
without having seen as much scrutiny as I would like (in particular
given the nature of the software we're discussing). I felt it had to
be clearly told, but I'm not very concerned about it: I'll simply do
such code reviews either after the fact on the Debian side (unless I'm
told it has been done already, of course!). So, Julien, I thought you
need to be aware of this change: it may now happen that a new MAT
release goes into Debian without me (and possibly anyone else) having
done a code review first.

Cheers,
-- 
intrigeri

More information about the Pkg-privacy-maintainers mailing list