On 12 Apr 2006, Panu Kalliokoski said: > (Please CC me on replies as I'm not subscribing the list.)
If you set Mail-Folllowup-To: [EMAIL PROTECTED], you would be assured of such a CC from my MUA. I often do not catch such requests in the body of the mail. > The central problem and the only justification for the current > procedures is that of establishing trust. I just fail to see why we > trust our packagers _less_ than the upstreams they are packaging > for. We don't. Every package I have packaged, I have skimmed through the source code (needed anyway to assure myself I can help fix bugs and aid in development), and run the application is a secure, highly audited sandbox, and onlyu then do I upload. I know od at least one package that is not packaged since we do not trust the upstream. > I doubt many of those pieces of software ever receive the close > scrutiny that the packaging work does. This should not be true. > > Furthermore, it seems unfair that NM's have more stringent > requirements than existing DD's. Presumably, since DD's have passsed NM P&P at some point. > For instance, for voting, I think the process of establishing the > identity of one's PGP key should be enough. If Debian wants to > continue as a technical meritocracy, the votes could be weighed with > the "amount of contribution" that person has done for Debian. The weights, currently, are 0, and 1.0. manoj -- In Mexico we have a word for sushi: bait. Josi Simon Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]