[Mageia-dev] Maintainers policy

Christiaan Welvaart cjw at daneel.dyndns.org
Sat Apr 16 15:30:55 CEST 2011

On Wed, 13 Apr 2011, Anne nicolas wrote:

> Following tonight's meeting, we will start one week discussion about
> maintainers policy. Some questions to be discussed:
> - shall we have ACL's on svn, submits?
> - what about having co-maintenership or teams? How shall we manage this?
> - what about sensitive packages ?
> ...
> Pleas make any comments and proposals we could discus to build it.
> Final decisions will be taken during next packagers meeting (20th of
> april)

There seem to be two issues here:

1. A maintainer database, with rules for updating the db
    This does not have to change package submission or svn access,
    but can be used for bug assignment, mailing package check reports and
    package svn commit logs, etc.

2. Restrictions on:
   a) maintainer db modifications
   b) package submission and/or svn access, based on the contents of the
      maintainer db

Of course those 2 issues are related: any upload restrictions allowed by 
policy must be supported in the maintainer db. We don't need to implement 
everying at once, however. A maintainer db without upload restrictions 
will already be a big improvement over the current situation.

There are 2 kinds of groups:
   maintainer groups = several people listed as maintainer for one package
   package groups = several packages that are maintained as if they were a
                    single package, so they always have the same list of

IMHO both features should be supported by the maintainer database:
   - Restricted packages (if allowed) must have at least 2 maintainers.
     This should make it less likely that change requests are simply
   - Maintainer groups can also be useful for unrestricted packages,
     e.g. to divide the work on a large source package.
   - Package groups are likely needed for some software systems like gnome
     and X11 that are split into many smaller source packages.

Here's a partial proposal for phase 1/unrestricted packages:

- anyone can register as maintainer for a (source) package
- maintainers can unregister at any time
- the "oldest" maintainer (first one registered) is primary maintainer,
   officially responsible for the package
- package groups are defined by the project (is there any other way?)
- the maintainer db redirects requests on a package in a group to the
   package group (with an error msg?)


More information about the Mageia-dev mailing list