Hi, On Thu, 15 Mar 2007, Anthony Towns wrote: > Over the past few weeks, after Joey Hess created the jetring keyring > management tool from whole cloth [0], I've been poking at changing dak > to support a "maintainers" keyring [1] so that we can make it possible for > people who want to work on just one or two packages able to do exactly > that. I think that's at a point that I'm happy with now, so ftpmaster > now effectively has the ability to: > > a) add a third keyring for people allowed to upload to the archive, > (in addition to debian-keyring.{gpg,pgp}) that contains keys for > "maintainers" and is managed separately to the developer keyring > > b) restrict certain uploaders from sponsoring packages > (ie, giving signing a .changes file that claims to be made by > someone else) and from doing NMUs (ie, uploading a package that's > maintained by someone else and that they're not listed as an > Uploader for, or anything that needs NEW or BYHAND processing)
If the "Debian maintainer" uploads a package changing the Maintainer/Uploaders field to his own name, what happens ? IMO it should fail. They shouldn't have the right to mark themselves as maintainers/uploaders from random packages. This operation must be done by a DD. Cheers, -- Raphaël Hertzog Premier livre français sur Debian GNU/Linux : http://www.ouaza.com/livre/admin-debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]