Join GPG web of trust?

Michael Schwendt fedora at wir-sind-cool.org
Wed Jun 2 10:49:43 UTC 2004


On Wed, 2 Jun 2004 09:34:04 +0300 (EEST), Panu Matilainen wrote:

> The "packager is upstream developer" situation should be sanitized
> somehow... 

It is "sanitized" already in that upstream developers _should_ take over
the testing and classification into stable/unstable, and reviewers need
not take responsibility for any run-time issues they might miss.
Reviewers then only need to make sure low-level packaging mistakes are
avoided and any important parts of guidelines are adhered to. Upstream
developers, who do the packaging, make packaging mistakes too, in
particular if they aim at providing distribution-independent spec files or
"user-friendly" packages which output a lot to stdout. Or they might not
be completely accustomed to specific guidelines. Upstream developers can
also provide GPG signatures for the released tarballs on the project home
page, so other packagers benefit from that.




