Re: RFC: Securing maintainer uploads to master.gnome.org

From: Matthias Clasen <matthias clasen gmail com>
To: desktop-devel-list gnome org
Subject: Re: RFC: Securing maintainer uploads to master.gnome.org
Date: Fri, 11 Nov 2011 10:17:39 -0500

On Fri, Nov 11, 2011 at 4:59 AM, Olav Vitters <olav vitters nl> wrote:
> On Thu, Nov 10, 2011 at 10:21:17PM -0500, Ray Strode wrote:
>> On Thu, Nov 10, 2011 at 6:47 AM, Olav Vitters <olav vitters nl> wrote:
>> > 3. Access is determined using "doap" files
>> > 4. If you're not in the doap file of that module, you cannot upload
>> It's pretty common for people not listed as maintainers in the doap
>> files to do releases, especially for the lesser maintained modules.  I
>> don't think that's a bad thing, either.
>
> Whom? Developers of the module who aren't listed as maintainer, or just
> a random person wanting to release a new tarball of e.g. bonobo or
> libgnome?
>
> Note that ftp-release-list does say when it is a non-maintainer upload.
> It adds the header X-Maintainer-Upload: True if it was uploaded by a
> maintainer, False if not.

I have done plenty of uploads of not-my-own modules over the years, eg
polkit-gnome releases for David, releases for less-actively-maintained
modules like libnotify or gnome-screensaver, etc. But then, I'm in the
release team, so I would be able to continue doing that.

Follow-Ups:
- Re: RFC: Securing maintainer uploads to master.gnome.org
  - From: Bastien Nocera

References:
- RFC: Securing maintainer uploads to master.gnome.org
  - From: Olav Vitters
- Re: RFC: Securing maintainer uploads to master.gnome.org
  - From: Ray Strode
- Re: RFC: Securing maintainer uploads to master.gnome.org
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]