On Thu, Dec 10, 1998 at 01:47:53PM +0100, [EMAIL PROTECTED] wrote: > Instead, "Compiler maintenance group" <[EMAIL PROTECTED]> and > "Debian boot floppies team" <[EMAIL PROTECTED]> should be > used. > > I wholehartedly agree that multi-maintainer groups should have a single > responsible person, but instead of kludgingly using qmail features or > certain general smtp options, the administration should really be the > responsibility of the Debian Project Secretary (who might in turn delegate > the practical work to another volunteer.) This way, there is much less > chance of a group responsible going AWOL and not properly passing on his > tasks to a successor.
My only real concern with maintenance groups concerns PGP signing. I thought the existing tools use the Maintainer: field to determine what PGP key to check the dsc and changes signatures against? dinstall, and any user-level package integrity verification tools, should have a list of what people belong to which maintainenance groups, and accept PGP signatures on a package from any of those people. Unless, of course, only one person in a maintenance group is allowed to do the uploads. But I don't see that we need to be that strict. What occurred to me, but I think would be a bad idea, would be to create a PGP key for the maintainer group. To do that would greatly undermine the "irrefutability" feature of public key cryptography. Anyway, if we can address this concern of mine, I support the idea of maintenance groups. I have even have an idea of yet another package that might benefit from such a thing. <clears throat...> -- G. Branden Robinson | Reality is what refuses to go away when Debian GNU/Linux | I stop believing in it. [EMAIL PROTECTED] | -- Philip K. Dick cartoon.ecn.purdue.edu/~branden/ |
pgpBHh3NlPgk1.pgp
Description: PGP signature
