Package Review Stats for the week ending January 18th, 2009

Alexander Kurtakov akurtako at redhat.com
Thu Jan 29 08:12:49 UTC 2009


drago01 wrote:
> On Thu, Jan 29, 2009 at 8:46 AM, Alexander Kurtakov <akurtako at redhat.com> wrote:
>   
>> Robert Scheck wrote:
>>     
>>> On Wed, 28 Jan 2009, Brian Pepple wrote:
>>>
>>>       
>>>> This is all a moot point now though, since a couple of weeks ago FESCo
>>>> approved a proposal to reset the initial seeding of the provenpackager
>>>> group with Packaging Sponsors, and Jesse has made a proposal(1) on
>>>> guidelines for approving someone to the provenpackager group.
>>>>
>>>>     1. https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01573.html
>>>>
>>>>         
>>> Again, Jesse's proposal still keeps the same issues, just puts up new
>>> guidelines and enforces nothing. Provenpackager is too critical to just
>>> handle it just using guidelines and by a single provenpackage sponsor.
>>> The approval of multiple (many) sponsors is needed before a packager
>>> can get a provenpackage one - and this is what my proposal is about...
>>>
>>>
>>> Greetings,
>>>  Robert
>>>
>>>
>>>       
>> As everyone is so afraid of the damage provenpackager can do I want to
>> propose something else:
>> Provide a possibility for maintainers to open their package for ***EVERY***
>> packager. I would love to do this.  And do you know why?
>> Because I want to see some community growing and people trying to fix things
>> even if they DO make mistakes. How can someone learn if he didn't try to do it?
>> I would prefer if someone fixes 3 things and breaks one because I will have to
>> fix only 1 thing not 3 :). And after pointing the problem out to the author it
>> won't happen again (I believe).
>> P.S. Please don't tell me that I don't care for these packages because I'm
>> upstream author for these packages and I invested my free time in them before
>> I started at Red Hat.
>>
>> Alexander Kurtakov
>>     
>
> Did it ever happen that a "provenpackager" or any packager in the days
> of open ACLs caused any real damage to packages (not owned by him)?
> I am not aware of any such cases, it seems to me that we are trying to
> solve a non existing problem.
>   
I'm simply trying to think of a solution for both sides - paranoid-about-security and believe-in-good-will.

Alexander Kurtakov



