Trusted maintainers (was: Re: How does a package become orphaned? (was Re: Attn maintainer: python-paramiko))

Jon Turney jon.turney@dronecode.org.uk
Tue May 9 20:16:31 GMT 2023


On 01/12/2022 19:41, Jon Turney wrote:
> On 04/11/2022 13:05, Chad Dougherty wrote:
>> On 2022-11-04 08:34, Jon Turney wrote:
[...]
> 
> Well, maybe.
> 
> I think a common way for distros to handle this is to have some subset 
> of maintainers who are allowed to make NMUs for these "important" updates.
> 
> The problem is we don't really have the concept of an NMU currently, 
> although this is (again) due to accidents of history, rather than by 
> design.
> 
> The current upload policy is:
> - Only the maintainer for a package maintainer is allowed to upload that 
> package.
> - If a package is orphaned (has no maintainer), there are some "trusted" 
> maintainers who are allowed to upload it.
> 
> I'm kind of inclined to relax that a bit, although I'm not sure what to.

I've cleaned-up a lot of the inconsistencies around the abilities of 
"trusted" maintainers.

They can already modify the package maintainer database to handle ITPs, 
package orphaning, adoption and removal.

They should now be permitted to upload, git push, deploy, vault, etc. 
all packages (orphaned or not), as if they were the package maintainer.


Entrusted with these strange superpowers, the following god-like beings 
walk unknown amongst us:

Achim Gratz
Corinna Vinschen
Ken Brown
Marco Atzeri

(as a note, they can already do all the above, and more, by virtue of 
having cygwin group shell access on sourceware, but I don't consider 
that a pre-requisite for the future)



More information about the Cygwin-apps mailing list