Manoj Srivastava wrote:
> > Co-maintainers are much closer to what is being done in a package
> > than joe-random developer. Also, co-maintainership is far less
> > prone to fire-and-forget uploads that hose things, and are nicer to
> > people who feel very strongly about their packages.
>
> Co-maintainerships require communication, and ability and
> desire to share decisions, can result in a culture of "it is someone
> else's problem (neat aphorism in German, I believe)", and if the team
> does not trust one of the members, then things can turn ugly.

There's another problem with team-maintained packages.

The Security Team has to work on packages that are team-maintained in sid every once in a while. Often we want to get in touch with the maintainer privately before disclosure or before releasing the advisory. With team-maintained packages, the maintainer address often points to a mailing list, so we can't talk to them.

Even worse are packages in whose changelog the entries aren't signed by a real person but by a list address as well. That's some sort of anonymous maintenance. For such packages the Security Team has problems reaching a person to talk to them in time so that we can discuss fixes and prepare updates.

The last example I remember is not old and it demonstrated another problem. We contacted the list address but only got a response after we opened a bug report when we released the advisory without any maintainer response.

I'm not exactly sure team-maintenance really helps here...

Regards,

Joey

--
MIME - broken solution for a broken design. -- Ralf Baechle