Re: RFC: Securing maintainer uploads to master.gnome.org
- From: Bastien Nocera <hadess hadess net>
- To: Matthias Clasen <matthias clasen gmail com>
- Cc: desktop-devel-list gnome org
- Subject: Re: RFC: Securing maintainer uploads to master.gnome.org
- Date: Fri, 11 Nov 2011 15:23:25 +0000
On Fri, 2011-11-11 at 10:17 -0500, Matthias Clasen wrote:
> On Fri, Nov 11, 2011 at 4:59 AM, Olav Vitters <olav vitters nl> wrote:
> > On Thu, Nov 10, 2011 at 10:21:17PM -0500, Ray Strode wrote:
> >> On Thu, Nov 10, 2011 at 6:47 AM, Olav Vitters <olav vitters nl> wrote:
> >> > 3. Access is determined using "doap" files
> >> > 4. If you're not in the doap file of that module, you cannot upload
> >> It's pretty common for people not listed as maintainers in the doap
> >> files to do releases, especially for the lesser maintained modules. I
> >> don't think that's a bad thing, either.
> >
> > Whom? Developers of the module who aren't listed as maintainer, or just
> > a random person wanting to release a new tarball of e.g. bonobo or
> > libgnome?
> >
> > Note that ftp-release-list does say when it is a non-maintainer upload.
> > It adds the header X-Maintainer-Upload: True if it was uploaded by a
> > maintainer, False if not.
>
> I have done plenty of uploads of not-my-own modules over the years, eg
> polkit-gnome releases for David, releases for less-actively-maintained
> modules like libnotify or gnome-screensaver, etc. But then, I'm in the
> release team, so I would be able to continue doing that.
I semi-randomly do those sorts of releases as well, usually when a
less-oft used GNOME library needs a release to go along with one of my
modules.
It's useful.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
