[D-m-team] Cleaning Uploaders -- a mistake?

Daniel Leidert daniel.leidert.spam at gmx.net
Thu Jan 17 06:36:03 UTC 2008 

Am Donnerstag, den 17.01.2008, 14:44 +1000 schrieb Anthony Towns:
> On Wed, Jan 16, 2008 at 11:25:48PM +0100, Daniel Leidert wrote:
> > What about the following: Add another field to the changeset, called
> > packages. The filed should be filled with the package, that DM should be
> > allowed to upload. DMs should (a) already been listed as (co)-maintainer
> > of these packages at PTS or (b) advocates have to agree and explain, why
> > a package should be added to the list of packages a DM is allowed to
> > upload, even if he is not already listed.
> 
> On Thu, Jan 17, 2008 at 11:10:07AM +0930, Paul Wise wrote:
> > I was under the impression that the list of packages a DM is allowed
> > to upload was meant to be based on what regular DDs (rather than the
> > DM team as you seem to propose) have allowed them to upload. 

Yes, of course. But the problem is, that DMs can hijack and NMU other
DM-upload-allowed packages (that's what Damian was referring to). Or are
there limitations I forget?

So my question is if DM upload rights, currently limited by being listed
in Maintainers/Uploaders, having a key in the DM keyring and a sponsored
upload setting XS-DM-Upload-Allowed to yes, should be bound to a per-DM
package list, so other DMs cannot hijack nor NMU other DM-enabled
packages. I mean, the process to become a DD is much different from that
becoming a DM and has different requirements. So where should be the
trust boundary? Should DMs be able to NMU/hijack other DMs packages (I
mean, they just need to list/add their name to Maintainers/Uploaders)?

> That's definitely true.
> 
> It *might* be worth having a short cut so that instead of having to
> become a DM, then get someone to sponsor your next upload so you can
> add DM-Upload-Allowed, and only then be able to make your next upload
> directly, to have a "Packages:" field in the changeset which serves as
> a way of retrospectively adding DM-U-A to the current version of the
> package in the archive.

It wasn't the intention of my idea/comment. Sorry, if my comment was
misleading to this interpretation. I do not vote for the feature, you
and Paul are discussing currently later in this thread. The
advocate/sponsor should decide, if DM-upload rights should be enabled by
sponsoring a package upload setting XS-DM-Upload-Allowed.

Regards, Daniel

More information about the D-m-team mailing list