Re: Package Review Stats for the week ending January 18th, 2009

[Alexander Kurtakov <akurtako@xxxxxxxxxx>]

drago01 wrote:
> On Thu, Jan 29, 2009 at 8:46 AM, Alexander Kurtakov <akurtako@xxxxxxxxxx> wrote:
>   
> > Robert Scheck wrote:
> >     
> > > On Wed, 28 Jan 2009, Brian Pepple wrote:
> > >
> > >       
> > > > This is all a moot point now though, since a couple of weeks ago FESCo
> > > > approved a proposal to reset the initial seeding of the provenpackager
> > > > group with Packaging Sponsors, and Jesse has made a proposal(1) on
> > > > guidelines for approving someone to the provenpackager group.
> > > >
> > > >     1.
> > > > https://www.redhat.com/archives/fedora-devel-list/2009-January/msg01573.html
> > > >
> > > >         
> > > Again, Jesse's proposal still keeps the same issues, just puts up new
> > > guidelines and enforces nothing. Provenpackager is to critical to just
> > > handle it just using guidelines and by a single provenpackage sponsor.
> > > The approval of multiple (many) sponsors is needed before a packager
> > > can get a provenpackage one - and this is what my proposal is about...
> > >
> > >
> > > Greetings,
> > >  Robert
> > >
> > >
> > >       
> > As everyone is so afraid of the damage provenpackager can do I want to
> > propose something else:
> > Provide a possibility for maintainers to open their package for ***EVERY***
> > packager. I would love to do this.  And do you know why?
> > Because I want to see some community growing and people trying to fix things
> > even if they DO mistakes. How can someone learn if he didn't try to do it?
> > I would prefer if someone fix 3 things and break one because I will have to
> > fix only 1 thing not 3 :). And after pointing the problem to the author it
> > won't happen again ( I believe).
> > P.S. Please don't tell me that I don't care for this packages because I'm
> > upstream author for this packages and I invested my free time in them before
> > started at Red Hat.
> >
> > Alexander Kurtakov
> >     
>
> Did it ever happen that a "provenpackager" or any packager in the days
> of open ACLs cause any real damage to packages (not owned by him)?
> I am not aware of any such cases, it seems to me that we are trying to
> solve a non existing problem.
>   
I'm simply trying to think of a solution for both sides - paranoic-about-security and believe-in-good-will.

Alexander Kurtakov

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list