[maemo-developers] Maemo extras repository package uploader/maintainer verification?

From: Jeremiah Foster jeremiah at jeremiahfoster.com
Date: Fri Jan 22 17:03:48 EET 2010
On Jan 22, 2010, at 2:19 PM, Ed Bartosh wrote:

> 2010/1/22 Andrew Flegg <andrew at bleb.org>:
>> On Fri, Jan 22, 2010 at 12:59, Simon Pickering <S.G.Pickering at bath.ac.uk> wrote:
>>> 
>>> I'd suggest that the autobuilder checks to see that the uploader's email
>>> address is included in one of the *Maintainer fields; but there is the
>>> slight problem of what happens when someone is uploading someone else's
>>> package (e.g. as a favour when they are away from a build machine)?
>> 
>> There's also packages which are maintained by a team but uploaded by
>> an individual.
>> 
> And there are also packages taken from Debian/Ubuntu and uploaded
> without any change.
> I don't think we should stop them from coming. It's possible to find
> real uploader name in autobuilder logs and might be in the /packages
> web UI as well.
> Bringing new checks like this to the system wouldn't make entrance
> barrier lower for newcomers.

I agree. We should not allow packages uploaded to the repos without a corresponding, correct email address. Unfortunately I think a lot of packages uploaded by Nokia do not use the correct Maemo Policy recommendation, which is to change the maintainer name and email address. I wouldn't like to block the upload of libraries that are key dependencies so I don't think we should flip this switch yet - but it definitely will produce a warning.

Jeremiah
More information about the maemo-developers mailing list