Ludovic Brenta <[email protected]> writes:

> Stephen Leake wrote:
>> This means that under the current rules Debian Maintainers cannot
>> maintain libraries, only applications. Is that limitation deliberate? I
>> don't recall seeing it mentioned anywhere.
>
> I wouldn't go so far as to say Debian Maintainers cannot maintain
> libraries; only that they require a sponsor for every binary package
> name change, which normally includes soversion changes.

Yes; the work involved in reviewing and uploading is less than fully maintaining.

> With Ada, this requirement additionally applies to aliversion changes.
> Maybe the Debian Policy for Ada should make that more explicit. I
> certainly knew about, and accepted, this limitation all along, and
> yes, it is deliberate. I'm pretty sure the soversion change case was
> considered when the Debian Maintainer status was created.

Ok.

>>> Any maintainer can make his package Build-Depend on gnat, or imitate
>>> a shared library to fake whatever automatic test I can imagine.
>>
>> I think you are implying that Bad Things Can Happen if this rule is
>> accepted; can you be more explicit?
>>
>> For example, how would a malicious DM get malicious code uploaded by
>> this rule, that they can't do now?
>
> I think the danger that DM status prevents is that a malicious DM
> hijack a package that they don't own. There are strict rules for
> non-maintainer uploads; DMs simply cannot do NMUs. I think your
> proposed rule would make it much easier for a DM to hijack a package
> without a formal NMU, e.g. by renaming one of their binary packages to
> a package that already exists.

The proposed rule says the new name has to differ from the old name by only a number change, so I don't see how this is possible.

--
-- Stephe
