Intend to hijack xchat-xsys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi debian-devel, I've been talking with the maintainer[1] of xchat-xsys[2] for several bugs and many new upstream releases hold back on Debian, and he communicated me that he is not longer interested on maintaining it any more. Unfortunately, my suggestion of orphaning the pkg made no difference to the current maintainer, as he showed no cares at all for it. With a modest popcon of 242[3] and a bug related to a dep, rendering the pkg in an unusable state, this package needs attention. If there are no objections, I plan to upload a new pkg which, not only solves the critical bug I mentioned, it incorporates about 2 years and a half of updates, solving two bugs more listened on BTS. Greetings, UlisesVitulli. ps: If It's *really* needed, there's a DD that can confirm this, but I would prefer not to involve him, as for the friendship he has with the current maintainer. ps2: thanks Andreas Henriksson at #debian-mentors 1. http://qa.debian.org/[EMAIL PROTECTED] 2. http://packages.debian.org/xchat-xsys 3. http://qa.debian.org/popcon.php?package=xchat-xsys -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH1yF0GcNpEq4d/XQRAmQIAKCPylyOA8pXku769mWnS/zhskSNuACfWGIJ vdzjf/iipHbqwLtIoDurE9Y= =WfcX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Authentication with LP for DD's using gnupg
Neil Williams escribió: > What about the .dsc files? > > .changes files are lost (so we don't have access to the Changed-By: > field) but .dsc is retained in the Debian pool and therefore available > to the Ubuntu sync process. The .dsc exists for all packages. > > It would be relatively simple to process the .dsc: > > 1. gpg verify the .dsc > 2. parse the output to get the ID list > 3. Compare the ID list against the Maintainer and Uploader control > fields. > 4. If there is a match, add that GnuPG key as an authenticated DD for > the purposes of bug reports - accept any email signed by that GnuPG key > into the bug email system. > > This excludes sponsored packages (which is probably correct), it > excludes NMU's (which is probably fine too). It works on the basis that > the signature has been accepted by dak in the first place. Removals > might have to be manual - although it could be possible to track the > number of packages assigned to each key and remove if that number falls > to zero? > > Is that sufficient to identify a DD? It's not bullet proof and it might > exclude some but this is only for a website login, it's not as if this > method authenticates a DD to modify Ubuntu itself. > > > Had an idea last night: What happens when the maintainer is a team and in the same upload there are two guys (very usual) listened on changelogs, just ignore them managing bugs? Greetings, Dererk signature.asc Description: OpenPGP digital signature
