Review Request: inadyn
Brian Pepple
bdpepple at ameritech.net
Tue Apr 26 13:11:32 UTC 2005
On Tue, 2005-04-26 at 12:29 +0200, Michael Schwendt wrote:
> Obviously, _prior_ to sponsoring a new package and prior to importing it
> into CVS, a new package must be reviewed painstakingly and any issues be
> discussed with the packager. The important and relevant reviewing happens
> prior to CVS import. That way, new packagers, who don't have CVS access
> yet, can get packages included, too.
>
> The sponsor, who takes over security relevant checks (e.g. verification of
> upstream locations, tarball origin, licencing), works with a packager on a
> first package version, so it can be imported into CVS, where more people
> see it and can comment on any oddities. Basically, that is the sponsor's
> approval already, but the actual APPROVED message is delayed, because
> after cvs import, other contributors might still have some to add or might
> even block a package.
On the wiki's first step, it only mentions verifying any legal issues,
and having a Extras Contributor sponsor it. I believe we should also
mention verifying the upstream source location and source integrity.
Also, I think a more thorough check of the spec could be handled after
the CVS import (as it currently states on the wiki), so more people
could see it. Hopefully, this would make it less of a burden for the
sponsor, since more people would be involved in ironing out issues with
the spec.
/B
--
Brian Pepple <bdpepple at ameritech.net>
gpg --keyserver pgp.mit.edu --recv-keys 810CC15E
BD5E 6F9E 8688 E668 8F5B CBDE 326A E936 810C C15E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-extras-list/attachments/20050426/26e2bf3f/attachment.sig>
More information about the fedora-extras-list
mailing list