DM and pkg-perl

Thu Nov 22 10:11:11 UTC 2007

-=| Jeremiah Foster, Thu, Nov 22, 2007 at 09:43:10AM +0100 |=-
> > From: Damyan Ivanov [mailto:dmn at debian.org] 
> > Question 2: how to avoid this unintentional giving of upload rights?
> > 
> > My answer to this is to clean Uploaders: list before 
> > uploading $P with DM-Yes from all non-DDs, except $A. This 
> > would mean we change our polocy about the Uploaders: field 
> > that whoever makes a change worth noting in changelog, adds 
> > him/herself to Uploaders. The nice thing about this policy is 
> > that it makes the contributor feel more responsible and 
> > easier for him/her to track his/her work via packages.qa.d.o 
> > pages. (Note that the fact that $B contributed to $P would 
> > not be wiped, as changelog would keep $B's entries).
> > 
> > So, what do you think about such approach?
> 
> I think it is both good and bad. 
> 
> Good because it models the way pkg-perl works now and that has proven to
> be an effective method of collaboration allowing people to contribute
> significantly to debian without having to become a DD.
> 
> Bad because the problem the DM was meant to solve is still present. The
> goal is (presumably) to give rights to someone to independently upload
> packages to debian.

Not any random package. DM process is meant to give upload rights to a
*selected* set of packages to the DM. At least I understand it that way.
Advocates more-or-less guarantee for the candidate, but a DD maintainer
has to give the final permission for each package.

> If they get that right, they should be considered
> able to package software according to debian's standards

I disagree again. A current package maintainer is required to affirm
that this DM is capable of handling *this* package. Not "capable of
doing debian packages (i.e. any debian package)".

> - this has to
> apply across teams, otherwise you need a team-based flag. In Damyan's
> scenario, an unknown uploader has received approval, but they may or may
> not be competent enough to create packages according to the standards
> that have been informally adopted by the pkg-perl team. This requires a
> DD to approve the package before uploading, thereby obviating the need
> for a DM flag in the first place and keeping the DD approval process for
> uploading packages essentially unchanged, just adding complexity.
> 
> The only way to avoid this, I feel, is to make sure that the quality of
> the DM is sufficiently high that the DDs who oversee uploading feel
> confident that the DM flag is reliable and therefor do not have to
> manually check packages.

True, but as I see it, this is decided for each independent package. And
this is why I proposed to remove non-DM Uploaders at the time the
package is uploaded with DM-Yes. That is, the uploading DD says "I think
$A is capable of handling $P" and not "I think any present and future DM
that happens to be listed in $P's Uploaders is capable of handling $P".
(obviously, more than one DM may be intentionally listed)

The problems I see with the "clean Uploaders" approach are more of a
social mater. "Oh, they don't trust me, stupid DDs, who do they think
they are" anyone? :)

New debian/control field would not avoid this :/

-- 
dam            JabberID: dam at jabber.minus273.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20071122/db1d7557/attachment.pgp 