Package: debian-policy Severity: normal Hi
I think policy should include some words on the usage of Mailinglists as a Maintainer: address. The current "3.3 The maintainer of a package" reads ---++++--- Every package must have a Debian maintainer (the maintainer may be one person or a group of people reachable from a common email address, such as a mailing list). The maintainer is responsible for ensuring that the package is placed in the appropriate distributions. The maintainer must be specified in the Maintainer control field with their correct name and a working email address. If one person maintains several packages, they should try to avoid having different forms of their name and email address in the Maintainer fields of those packages. The format of the Maintainer control field is described in Maintainer, Section 5.6.2. If the maintainer of a package quits from the Debian project, "Debian QA Group" [EMAIL PROTECTED] takes over the maintainer-ship of the package until someone else volunteers for that task. These packages are called orphaned packages.[5] ---+++--- I propose to add, someone please fix up en_GANNEFF: ---+++--- If the Maintainer address points to a mailing list then that list must be configured to accept mail from those role accounts in Debian used to send automated mails regarding the package. This includes mail from the BTS, all mails from the archive software used on ftp-master as well as other role accounts that are commonly agreed on to send automated mails to the maintainers. a sample implementation of such a whitelist for mailman is running on alioth.debian.org. ---+++--- Additionally I would like: +++---+++ If the Maintainer: field points to a mailing list then the Uploader: field has to contain at least one human. ---+++--- Intention of the first paragraph is clear, and for about 95% of the lists used also already true, thanks to sgran implementing it for alioths mailman, so implementing it now doesnt make all packages RC buggy. Im not sure we should point directly to alioth from within the paragraph, might be better as a footnote. We could also mention that the whitelist definition on alioth is a good location to look for the address regex to whitelist and that one should recheck every X months... The second paragraph is simple making sure there is at least one human listed who is responsible. -- bye Joerg <liw> I'm a blabbermouth
pgpgcfZpQ7qKr.pgp
Description: PGP signature
