Trusted maintainers (was: Re: How does a package become orphaned? (was Re: Attn maintainer: python-paramiko))
Tue May 9 20:16:31 GMT 2023
On 01/12/2022 19:41, Jon Turney wrote:
> On 04/11/2022 13:05, Chad Dougherty wrote:
>> On 2022-11-04 08:34, Jon Turney wrote:
> Well, maybe.
> I think a common way for distros to handle this is to have some subset
> of maintainers who are allowed to make NMUs for these "important" updates.
> The problem is we don't really have the concept of an NMU currently,
> although this is (again) due to accidents of history, rather than by
> The current upload policy is:
> - Only the maintainer for a package maintainer is allowed to upload that
> - If a package is orphaned (has no maintainer), there are some "trusted"
> maintainers who are allowed to upload it.
> I'm kind of inclined to relax that a bit, although I'm not sure what to.
I've cleaned-up a lot of the inconsistencies around the abilities of
They can already modify the package maintainer database to handle ITPs,
package orphaning, adoption and removal.
They should now be permitted to upload, git push, deploy, vault, etc.
all packages (orphaned or not), as if they were the package maintainer.
Entrusted with these strange superpowers, the following god-like beings
walk unknown amongst us:
(as a note, they can already do all the above, and more, by virtue of
having cygwin group shell access on sourceware, but I don't consider
that a pre-requisite for the future)
More information about the Cygwin-apps