drago01 wrote:
> On Thu, Jan 29, 2009 at 8:46 AM, Alexander Kurtakov <akurtako redhat com> wrote:
>> Robert Scheck wrote:
>>> On Wed, 28 Jan 2009, Brian Pepple wrote:
>>>> This is all a moot point now though, since a couple of weeks ago FESCo
>>>> approved a proposal to reset the initial seeding of the provenpackager
>>>> group with Packaging Sponsors, and Jesse has made a proposal(1) on
>>>> guidelines for approving someone to the provenpackager group.
>>>>
>>>> 1. https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01573.html
>>>
>>> Again, Jesse's proposal still keeps the same issues, just puts up new
>>> guidelines and enforces nothing. Provenpackager is too critical to just
>>> handle it just using guidelines and by a single provenpackage sponsor.
>>> The approval of multiple (many) sponsors is needed before a packager can
>>> get a provenpackage one - and this is what my proposal is about...
>>>
>>> Greetings,
>>> Robert
>>
>> As everyone is so afraid of the damage provenpackager can do I want to
>> propose something else: Provide a possibility for maintainers to open
>> their package for ***EVERY*** packager.
>>
>> I would love to do this. And do you know why? Because I want to see some
>> community growing and people trying to fix things even if they DO make
>> mistakes. How can someone learn if he didn't try to do it? I would prefer
>> if someone fixes 3 things and breaks one because I will have to fix only
>> 1 thing not 3 :). And after pointing the problem to the author it won't
>> happen again (I believe).
>>
>> P.S. Please don't tell me that I don't care for these packages because
>> I'm upstream author for these packages and I invested my free time in
>> them before I started at Red Hat.
>>
>> Alexander Kurtakov
>
> Did it ever happen that a "provenpackager" or any packager in the days of
> open ACLs caused any real damage to packages (not owned by him)? I am not
> aware of any such cases, it seems to me that we are trying to solve a
> non-existing problem.

I'm simply trying to think of a solution for both sides - paranoid-about-security and believe-in-good-will.

Alexander Kurtakov