Re: RFC: Securing maintainer uploads to master.gnome.org



On Fri, 2011-11-11 at 10:17 -0500, Matthias Clasen wrote:
> On Fri, Nov 11, 2011 at 4:59 AM, Olav Vitters <olav vitters nl> wrote:
> > On Thu, Nov 10, 2011 at 10:21:17PM -0500, Ray Strode wrote:
> >> On Thu, Nov 10, 2011 at 6:47 AM, Olav Vitters <olav vitters nl> wrote:
> >> > 3. Access is determined using "doap" files
> >> > 4. If you're not in the doap file of that module, you cannot upload
> >> It's pretty common for people not listed as maintainers in the doap
> >> files to do releases, especially for the lesser maintained modules.  I
> >> don't think that's a bad thing, either.
> >
> > Whom? Developers of the module who aren't listed as maintainer, or just
> > a random person wanting to release a new tarball of e.g. bonobo or
> > libgnome?
> >
> > Note that ftp-release-list does say when it is a non-maintainer upload.
> > It adds the header X-Maintainer-Upload: True if it was uploaded by a
> > maintainer, False if not.
> 
> I have done plenty of uploads of not-my-own modules over the years, eg
> polkit-gnome releases for David, releases for less-actively-maintained
> modules like libnotify or gnome-screensaver, etc. But then, I'm in the
> release team, so I would be able to continue doing that.

I semi-randomly do those sorts of releases as well, usually when a
less-oft used GNOME library needs a release to go along with one of my
modules.

It's useful.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]