Lex Spoon lex at
Sun Jun 12 20:03:26 UTC 2005

Sounds like a plan, Avi!

Ultimately, we probably want the maintenance policies to go like:

	1. You have to become an approved developer before you can post updates
for official, auto-installable packages.  Otherwise, any random guy can
post trojans to our repository!

	2. We need to think about how to handle releases, so that 3.8 has its
own set of auto-installable packages.  A big step towards handling
releases is having a way to designate sets of packages.  As releases get
closer and pass by, those designations need to become harder to update. 
Not just any developer should be able to flip a tag on and cause a
change to a released set of packages.

	3. We seriously need visible bug trackerss for the packages, so that
release managers has the input they need in assembling the package sets
of #2.

#3 is dead easy.  We just need to install a bug tracker that has a
category  for each package.

#2 is all we can address in the immediate term.  My package universes
toolkit addresses the problem directly -- in fact, we could implement #2
just by saying "package universes is official" -- but it's not a huge
problem and it could be implemented in many other ways as well.  Just
watch out for who is making the decisions; developers should submit
packages for inclusion, but some smaller group (possibly just a singular
release manaer) should give the final approval.

#1 relies on having some sort of membership process, something like
Debian's "new maintainer process".  Before that will work, we need to
set up some sort of organization with bylaws, membership, and elections,
i.e. something like Debian's constitution.  ;)

A great first step is to get things packagized at all, though, and if
Tweak has done it then we can just do what they did.


More information about the Packages mailing list