
Re: Review Request: inadyn



On Tue, 2005-04-26 at 12:29 +0200, Michael Schwendt wrote:
> Obviously, _prior_ to sponsoring a new package and prior to importing it
> into CVS, a new package must be reviewed painstakingly and any issues be
> discussed with the packager. The important and relevant reviewing happens
> prior to CVS import. That way, new packagers, who don't have CVS access
> yet, can get packages included, too.
>
> The sponsor, who takes over security relevant checks (e.g. verification of
> upstream locations, tarball origin, licensing), works with a packager on a
> first package version, so it can be imported into CVS, where more people
> see it and can comment on any oddities. Basically, that is the sponsor's
> approval already, but the actual APPROVED message is delayed, because
> after cvs import, other contributors might still have some to add or might
> even block a package.

On the wiki's first step, it only mentions verifying any legal issues,
and having an Extras Contributor sponsor it.  I believe we should also
mention verifying the upstream source location and source integrity.

Also, I think a more thorough check of the spec could be handled after
the CVS import (as it currently states on the wiki), so more people
could see it.  Hopefully, this would make it less of a burden for the
sponsor, since more people would be involved in ironing out issues with
the spec.

/B
-- 
Brian Pepple <bdpepple ameritech net>

gpg --keyserver pgp.mit.edu --recv-keys 810CC15E
BD5E 6F9E 8688 E668 8F5B  CBDE 326A E936 810C C15E
