On Thu, Feb 19, 2004 at 01:05:08PM -0500, Joey Hess wrote: > Matthew Palmer wrote: > > > package I sponsor. I want to know if they are not able to send me a > > > package that will build properly. I want to work with them and be > > > > Since you only get packages for sponsorship which have built in a clean sid > > chroot out of my system, you can be fairly sure of that. > > As you've described the system, it sounds like my sponsee could make > several iterations with bad unbuildable packages before it is ever made > aailable to me to look at. This is what I want to avoid; if they are not > competant to upload a buildable package the first time, I want to know > that.
Noted. An upload history per-person would address that point to some degree. > > I'm interested in how many of your sponsees do you know are/aren't doing, > > say, QA work quietly, or working on d-i, or doing bug triage? I know that > > at least one person I'm sponsoring isn't doing anything on anything else, > > because I used to work with him, but apart from that, the people whose > > packages I've sponsored could be working towards becoming DPL and I'd hardly > > know. Should I know these things? Do you think that a good sponsor should > > be doing these things, or that it's useful in the general case for a sponsor > > to know all of a sponsees other activities? > > I use filtering and scoring to keep track of such things reasonably > well. Unless they're sending patches to maintainers via private email or > something, I am likely to see anything they do in debian. Do you think that is a recommended activity for sponsors in general, or do you do it more for personal curiousity? > > > (I'd also like to see AM's making more use of this information. If I've > > > advocated someone, I can tell you what parts of T&S they have already, > > > IMHO, passed.) > > > > If you put that information into an advocacy report, does the AM ignore it, > > or are they not supposed to take other people's experiences into account? > > (That seems odd, considering that some NMs get their AMs switched on them). > > I didn't know we had avocacy reports, doesn't the current system only > let you enter their email address? >From memory (and this may have changed subsequently), after you say "yes I want to advocate this NM candidate", you get an e-mail saying "please fill in here why you advocate this person, and send it GPG signed back to us". I presume the comments in there would go into the NM's file. > > > (I also hope that nobody roots your autobuilder.) > > > > I'm not keen on ever providing the .debs that come out of the autobuilder. > > Beside the point. Inside the autobuilder, you are running possibly > untrusted code. It's only a local exploit away from running as root, at Yes, I did miss your point. Thank you for pointing it out. Now, does the autobuilder get moved to another machine, or do I just put on my scary face when adding people to the authorised uploaders list? <grin> - Matt
