Re: DEP 15: Reserved namespace for DD-approved non-maintainer changes
- Date: Sun, 11 Jun 2017 20:18:52 +0200
- From: Christian Seiler <christian@xxxxxxxx>
- Subject: Re: DEP 15: Reserved namespace for DD-approved non-maintainer changes
On 06/11/2017 07:44 PM, Sean Whitton wrote:
> Christian Seiler <christian@xxxxxxxx> writes:
>> To me this looks like a very complicated technical solution
>> to something that I've never encountered as a problem myself.
> Could you explain which parts of the proposal you find to be "very
> complicated"? Possibly I've made them seem much more complicated than
> they actually are.
Well, the "very complicated" was mostly geared at the required
infrastructure behind it. Sure, you can reuse some dgit server
code, but in the end someone needs to maintain this.
> If a package does not have a repo on alioth, the only way for me to
> contribute a fix is to NMU, which always creates work for the
> maintainer, or file a bug report with patches.
> With this DEP, I can push a next/foo branch, and file a bug pointing to
> it. This means neither the maintainer nor contributor need mess around
> with patch files.
You can already create user repositories on Alioth where you can
push stuff. And I suspect that the successor of Alioth will
provide something similar.
My perspective is the following:
- Most contributions to packages I'm (co-)maintaining have come
- I don't care whether a contribution comes from a DD or not. I
always review it before committing it to the package.
So from this perspective you're trying to solve a non-problem,
and throwing a lot of infrastructure at it to do so.
Your goal in wanting to stop people from having to deal with
patch files manually is laudable, but I see the following way
forward to achieve that goal:
- Pull requests.
- Make it easier to create personal copies of remote (!)
repositories in one's own space. (Currently it's still a bit
Whether changes were done by a DD or not is not relevant for
anything that's not an archive upload, IMHO. In the archive it
_is_ relevant as packages get accepted automatically with a
proper signature. But any time there's a person doing manual
review of something (and every maintainer should!), I really
don't see any advantage whatsoever.
 You mentioned that DMs with upload permissions for specific
packages would also be allowed, but I think you could ignore
that completely: a DM will either have permissions to upload
a specific package, in which case they're already a (co-)
maintainer of said package and should have access rights to
the packaging repository, or they don't, in which case they
won't be able to push there.