Hi,

On Wed, 5 Mar 2025 at 10:24, Nilesh Patra wrote:

On 05/03/25 4:47 pm, Sean Whitton wrote:

On Tue 04 Mar 2025 at 09:40am +01, Andreas Tille wrote:

Dear Debian community,

this is bits from DPL for February.


Ftpmaster team is seeking for new team members
==============================================

No, we are not.

Andreas asked us whether we would like a call for volunteers included in Bits. Multiple team members explicitly told him that we now would not
be a good time for that, for us.

Do you mind clarifying why that's the case, unless the reason is truly personal or undisclosable?

+1

According to https://ftp-master.debian.org/ there are currently no
'FTP Trainees'. I would assume you would like to have some at all time
to ensure the team has a healthy pipeline of new members being
trained?

Looking at the stats for NEW queue length in https://ftp-master.debian.org/stat/new-5years.png it seems to have
been the highest ever in November 2024 to January 2025, and the
numbers didn't come down until heroic efforts by mainly one person
(Thorsten).

Many of the aspiring Debian Developers I mentor have been stuck with
their work pending in the NEW queue for months. For example an upload
of src:godot to change source package name to src:godot3 with almost
no other changes has been pending almost two months, and the new
contributor Travis Wrightsman has been mostly idle with his Debian
work just waiting for the package to pass in order to proceed with new
Godot version.

With this experience I am surprised that one FTP-team member is saying
that no help is needed? I wonder if that really is the opinion of
others in the team too?

- Otto

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Sean and everybody,

Around 12 years ago, I proposed a peer-review system to increase the quality of the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

Maybe we could revisit the idea along these lines:

- a Salsa group into which people fork repos and run CI screens for copyright,
license and missing source issues.

- a peer-review system based on issues or MRs (for instance to a master
repository with a text file tracing the outcome of the reviews).

- as of today people would use it to ensure their submissions to NEW are to
the highest standards and therefore the least likely to waste time of the
FTP team members.

- the outcome of the NEW processing of the peer review is also recorded by
volunteers, allowing to better measure the achievements and usefulness of
the system.

- The FTP team, if they wish, can provide feedback.

- when the FTP team calls for new trainees, applicants who have a track record
of peer reviews in that system can show it to the FTP team, who are free to
do what they want with this information.

- If the FTP team recruits someobody who was peer reviewer and liked that
system, a positive loop is made.

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------OpImOZa01OkK0cpar6tyszIL
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMDUuMDMuMjUgMTk6NTEsIE90dG8gS2Vrw6Rsw6RpbmVuIHdyb3RlOg0KPiBXaXRoIHRo aXMgZXhwZXJpZW5jZSBJIGFtIHN1cnByaXNlZCB0aGF0IG9uZSBGVFAtdGVhbSBtZW1iZXIg aXMgc2F5aW5nDQo+IHRoYXQgbm8gaGVscCBpcyBuZWVkZWQ/DQoNCkFwcGFyZW50bHkgdGhl IHByb2JsZW0gaXNuJ3QgdGhhdCBubyBoZWxwIGlzIG5lZWRlZCBidXQgdGhhdCBub2JvZHkg aGFzIA0KdGltZSB0byB0cmFpbiB0aGUgbmV3IGhlbHAsIGNpdGluZyBwb3NzaWJsZSBidXJu LW91dCB0cnlpbmcgdG8gZ2V0IA0KYW5zd2VycyBmcm9tIHRoZSBleGlzdGluZyBtZW1iZXJz IGFuZCBsZWF2aW5nIGluIGRpc2FwcG9pbnRtZW50LCBpZiBub3QgDQpkaXNndXN0LiAoTXkg aW50ZXJwcmV0YXRpb24g4oCmKQ0KDQpXaGlsZSB0aGF0J3MgYSB2YWxpZCBjb25jZXJuLCBp dCdzIGEgcHJvYmxlbSBldmVyeSBtYW5hZ2VyIG9mIGFuIA0Kb3ZlcndvcmtlZCB0ZWFtIGlu IHRoZSB3b3JsZCBoYXMgZmFjZWQsIHZvbHVudGVlciBvciBub3QuDQoNClRoZXJlIGFyZSAo b2YgY291cnNlKSBtdWx0aXBsZSB3YXlzIHRvIGFwcHJvYWNoIHRoaXMgaXNzdWUuIFRoZSBw b2ludCANCihhbmQgSSBhc3N1bWUgdGhlIHJlYXNvbiBBbmRyZWFzIGJhc2ljYWxseSBpZ25v cmVkIHRoZSB0ZWFtJ3MgcmVqZWN0aW9uIA0Kb2YgbmV3IG1lbWJlcnMpIGlzIHRoYXQgImRv IG5vdGhpbmcgdW50aWwgc29tZWJvZHkgaGFzIHRpbWUgdG8gdHJhaW4gbmV3IA0KcGVvcGxl IiBpcyBhbW9uZyB0aGUgd29yc3QgcG9zc2libGUgYXBwcm9hY2hlczogZXhwZXJpZW5jZSB0 ZWxscyB1cyB0aGF0IA0KdGhlIG1vc3QgbGlrZWx5IG91dGNvbWUgaXMgImFub3RoZXIgdGVh bSBtZW1iZXJzIHF1aXRzIi4NCg0KLS0gDQotLSByZWdhcmRzDQotLSANCi0tIE1hdHRoaWFz IFVybGljaHMNCg0K

--------------OpImOZa01OkK0cpar6tyszIL--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEr9eXgvO67AILKKGfcs+OXiW0wpMFAmfJUZwFAwAAAAAACgkQcs+OXiW0wpMr 1hAA3dwzsIrw20r8AkVPy456VPkoO6glxY0v9VMnzItq7PpDanH73JVyHe2CDjFHaZJ7vXvOtD9O o5VDy6cxZ6ZcNjCHpsOzLEhUpVPwvutgsGIky8foodzsaqleSnARclEiTt7prHxLomkkll7ZMjfn /04CCwYOh2WtnEgSqMxqTJ7xFqhODmBGVZVIi0xPzKe7BCiJTqfvubLBuuudRp85/ovkawQGp3zt r4RRKvEBF+L8SGTw7FsWQCArivMiu6mIQhS3Ox5HDolXGKrRT5IkStpw78AQbVrwhREjaNYwDPzy dHc5o1m3dSWxX6QGX9weUSxnshxMFz5yO58mo+Fe+t7YNzcnkMH1CCtfuidqOvlq63PxNieeM28A 8iSwC8q2HlaJ9/tYqNnf5J7NRM1hONM7Vwnss+LVOxjZn9vrfFjaxeq23nxTlby9IrnZMhR6V1Hw LIgKPGypnOD2oI7sXuFKNkTWS1LQwEqk0y8xqDOXQ7cj60LIn18XkQe2HFkpPybWzPgusuksbTEI jnHdjTNKkuLwPcmMtRn+RKkZqu1S9OnjeLmRommrRE12ukiEUP/x40e0TH4TK2nUtkW9STU6qRjC IsSUAwd4MvzErp4droo/BazTCLyLytt/eUBeEduNvMaAFgkaEdvh/qRxJaTTvsdLz8e9fwSdk3Qj i4k=
=KshS
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, Mar 06, 2025 at 08:58:48AM +0100, Marc Haber wrote:

Marc. I'll take my Popcorn with salt please.

yeah, it's pretty funny to see a team burn out and have the same silly
& salty discussion about this again and again.

or maybe not.

also talking about how NEW is a bottleneck will be really motivating
to the person how has been doing most of NEW processing in the last
months.

or maybe not.

I'm not sure about you, but just last week I got a package through NEW
in a few hours. my rust upload folder also told me we (mostly sequoia,
but also rebuilderd) go 86 packages through NEW in the last 15 months,
which means more than one package per week. and that's just our little
corner here.

I do have some complaints about the ftp team, as I have about many things, *but* I also have tremendous respect for their work. and I know, you might
have forgotten but it was discussed on d-d-a iirc, that several improvements are being worked on right, and that's not only tag2upload.

so if the/a team says they cannot handle new members right now and thus
there should be no big announcement asking for new members, I very much
think this should be respected and not be ignored and spread on our
most visible mailing list, where there pain will be consumed with popcorn.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

war is peace. freedom is slavery. ignorance is strength. infection is health.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmfJXzEACgkQCRq4Vgaa qhwaeg/+IjG6ziBYi8A8lQKrcg71haRNvjxaA7KY4zCuQtau2nQJLuEgGTGr8uqX YLJsISuJ/rspQ7wZcL8Pys6BiMq/nHOTD1lmyf7vcXLAHC5IDuDO2tCHPAJ0z8Xd Hq9T0NVp/io1+20AfF4ZcF7FYJAer5NJ6O/BIGtwgMxpWLkqX7ai+YdfpHf/5+iN YinefKoJwPmnftr5p1Ks8pWd9vAFc5ipA8RR4Fv7FaWJ6vmNF9N0SwNmSGLsc3X9 x9XjZVc4JRoiq+2gF+QIJp5zEq2WcZsH3A8m+JqRtUadFKlA+iryB0HiqFa13GYQ hdG5nyiKiQODD4tCQTQJ2J3qgJ+I/dFJ4E8HGSkOpwHJ5wg2xdhlmZ5fPeApCXvW Vus2HY3d+PLjIJir4wAgBXCoe/OXMD8WSPAEsqSRD0Im+MOlp4M8IhlIvZhk8iq1 Ib7GzmvRT3RlH66PCpMxwKOOUmPjfWSA96pvsHtQ7tVQRuACGuvCKfvCx8Fp5+g4 Gg3JhdJDyd96wxpBfqJ+1btnsjOx43q5/fW7pVycjeMFGdEa4dOD30HjVQREc6mV xIraarDA3rfEIAPJT8g0Tpo9tb0vKIOKtn1

On Thu, Mar 06, 2025 at 08:39:13AM +0000, Holger Levsen wrote:

On Thu, Mar 06, 2025 at 08:58:48AM +0100, Marc Haber wrote:

Marc. I'll take my Popcorn with salt please.

yeah, it's pretty funny to see a team burn out and have the same silly
& salty discussion about this again and again.

I apologize for trying to bring a smile into a heated discussion and
will now return to shutting up to non-technical issues.

-- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------Uxe0SBYCNoxMABLPnS1Z7H1d
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMDYuMDMuMjUgMDk6NTMsIE1hcmMgSGFiZXIgd3JvdGU6DQo+IEkgYXBvbG9naXplIGZv ciB0cnlpbmcgdG8gYnJpbmcgYSBzbWlsZSBpbnRvIGEgaGVhdGVkIGRpc2N1c3Npb24NCg0K VGhhbmsgeW91Lg0KDQotLSANCi0tIHJlZ2FyZHMNCi0tIA0KLS0gTWF0dGhpYXMgVXJsaWNo cw0KDQo=

--------------Uxe0SBYCNoxMABLPnS1Z7H1d--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEr9eXgvO67AILKKGfcs+OXiW0wpMFAmfJY50FAwAAAAAACgkQcs+OXiW0wpMg Og/9F7qjaAHtW0bJyQ1J/vHV+loOG/2PEn52zsmrN5gUSGicUuap8V7WspeGpPXDsf/3HNIAAUbD BDXUlQB3TupDki7g2kxR9NFtBf++uaNGLvS60olDh4zYQ8olEIHoLpzFGDvth8nMzbX70SrFyCIt 0ZDVG+H6MAnQxNBzadzvrS8YR7k/rYz7uyZ0XwhMF3gZrnbKUWeCF6H+Igv86esq8YyNwtuv+mVE AkvsosAEjNJLUX7AS96f3EMzAadlmhHFU+JuxAs+waPNONrbsktCaA08Fud5upOecj2BaqOaOCYa HdJW+/tzHnHt1sghqNgne3X0f1F+OncKMHyXeDHnCLxSYyKXsMPHLuerACpn18+xHX3sQwlAI2uI ApH4KiSdWQOQUHXH0mYSlm0q9PpwiWMzz0Pyrw9LFJt8SL0VnZv8zn15vaeR5KL/HZ7DC39+6Jqh IFYaH2hYeTFddvF+yQxbKtKI34s12UpTvg0w6Tye76p125W6CZSuAJ7SbmBqREjg6/pBUXkpQIVv fG45Yx6lEOoeSiIXVMASAfOr/HjUDIadadwD9tdxJXkoExSfRYwDsqVWm1Nl7rJK/PeT6dvwIvHx qZHp4torPLyt8cP0UR7cND8LexHfbHIkQopb6p5Xj2kSwx1U06QIKRI8sZ91zdwckIgk/hkkore4 dLE=
=Uuts
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Thu 06 Mar 2025 at 01:21pm +09, Charles Plessy wrote:

Hi Sean and everybody,

Around 12 years ago, I proposed a peer-review system to increase the quality of
the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

Maybe we could revisit the idea along these lines:

If someone wants to set this up in a way that doesn't increase ftp team workload but means packages have to be reject'd less often -- by all
means.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfJbboZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQGUVEACIQ9Vd8ceP4mIPPivwkaqi ueZr8toWrgdC7AC/3M/eFvnfhX4nreH2eeiY4BCioPNtyMkX8QFEYkxzcP96tFUA o5LX4DhKyeNa8GZ+ibqg0JBu/y29aFW4OtePtm/sBrmXuZCnOh55iMEet7Zr5S8u 7ghdfYfCWLU2BgQrwxBx04aSrLZbJq4AErWcehUJzUcIQ4JC4srD0OVCiFq7b5Lo 6OpsP6+1DuuwTf/QmVh5oGHsrULWHXIDC7szrFefzvabXXU9Hq8Llwk2lk6g70OY zGQk8+BU7Que1YlD2mhIp74iPnxhkOp35LPQr3VBqXy5hGRYiKxHc5Z3YbUoEdD1 ySzPnGP0FNeROVCJ1Up0KkkFLU7nADsoV5d4wU1+JFRvS7Jb6Lcu2/VVCSqZR0SW RCCJmU30+VogkbCAAldUIU26feofUkQi2bqfakZO26pqPo3ZcvEJGLdoU9rkGeU9 bplL58gyJLkj2zUoq+xZJK/LaAuDz8nH637KkeE6dzc3Q1zNhZ50kB7m9uLb16T0 lw6EJqq51d+aSpvcNG6mZ60dC2UlIqzBVgUB11RXiPhxU3NXRkX6ybRAm0QWoCBZ PPoWMPsr9ImwLTYYw8PtWzcL+LKTTSq5XN4xyXkDi0NOQ6rNqC3lCbpr4qvG60hF 6QIbRze31YDukykxiPiskg==yiZK
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

Hi,

Le 2025-03-06 10:41, Sean Whitton a écrit :

If someone wants to set this up in a way that doesn't increase ftp team workload but means packages have to be reject'd less often -- by all
means.

Do you have some stats or even just an estimate telling how often this
happens, or is there an archive or a log somewhere that could be used to estimate the rejection frequency and most common causes?

Cheers,

--
Julien Plissonneau Duquène

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Thu 06 Mar 2025 at 08:41am +01, Matthias Urlichs wrote:

Apparently the problem isn't that no help is needed but that nobody has time to train the new help, citing possible burn-out trying to get answers from the
existing members and leaving in disappointment, if not disgust. (My interpretation …)

While that's a valid concern, it's a problem every manager of an overworked team in the world has faced, volunteer or not.

There are (of course) multiple ways to approach this issue. The point (and I assume the reason Andreas basically ignored the team's rejection of new members) is that "do nothing until somebody has time to train new people" is among the worst possible approaches: experience tells us that the most likely outcome is "another team members quits".

You can't just throw people at a team of volunteers who are busy doing
other things and say "train them". Nobody wins, there, and the
candidates won't come back at a time when those volunteers *do* have the
time to do the training.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfJcCYZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQLN5D/9dBV6ZJDrQO94s/wL+t7Yb rsFNoAEGeEghwyisvzp1X+6p17rawRb3rs7qoVABJuEJAO3JKp5NAVPxf6m1K4Ax ORzKBmuB9CaO3rZwh0Xg6DiLvi7wiFcHIujweNVOweURN6tiJrhFbhQ7Vvd+N0kN FMDEJXGTI5MDPZvQ9cSIVf7vUzFSn6UVgIZsjmp3ofoMIF6oA8wHGJgnfwoY3R30 /caSKRkqk/x6VqpRD0MzVOq4/CAlUYgEVu52NUijXEW17ZK0qEz4rPsxiXYZiauA kd2Lv6lni3kK/5a8BRYFc1KZ7MbVatoKF3EV9d4eHS9uMnInojKjGlQ7ncYB/bqq ixoejx5n95VFtIRuiUH5KNim9Uo2kmMskobSMYosEUdYDc/RkdBaCworoMZnGywX fP93h3OPOpWaGog6rrg4q8uK++5ek+6gBAqGrwtcQpMPUC9mfbNM3iMIlyRcbTIx 6ip2lM0XV+gA2Ko6Syx0j0474p8Uf/UMvK38/L/cxNssYgh4kJNyQPUVPAcJzGFc Kngudws2xdmQsBfK5SISosptIo7eFihi56LhU91dZgPj7jEln4omP1K/AsWsMvSA ZfsmJPF/HX9SzprORgBSIve3p6cAI88EZRivRxJawwtXKYpXXjYlAmytcfow8gOX L49GHd0gzkYcdAssMUKzQw==wTcu
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

On Thu, Mar 06, 2025 at 02:54:32PM +0530, Pirate Praveen wrote:

On 3/6/25 2:09 PM, Holger Levsen wrote:

so if the/a team says they cannot handle new members right now and thus there should be no big announcement asking for new members, I very much think this should be respected and not be ignored and spread on our
most visible mailing list, where there pain will be consumed with popcorn.

This has been an long term recurring complaint without any tangible solution or a plan from the concerned team, so I think it is important for the whole project to address it, and not just leave it to the ftp team to resolve it (they ave not been able to address it by themselves for a long time).

yes, maybe, probably.

but the way it's been done here currently is utterly disrespectful und hardly helpful at all.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

There are no jobs on a dead planet.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmfJc/gACgkQCRq4Vgaa qhyV5RAAuWbnMmwuecUSYrQsbFq+nU50JjuRUliCM8SH1GaTxx6zcIEFd/4bOx4a ZFgr/GskZs1BImaPBo3ykYZdSWXMitjRBQdg342UCn46wY//7xSXvahkoNEFkaRd kJ2D7XJ1iB/PWmpw6rJmEc2xJmRKpuNrZXM0gQuwvb2ZgNsaG3cyyPstS/4VrU71 ykeJlehr/Bf6ZONXqCIFsLjBvGFCjqo0WfPz6xe5cN4QIGSfHBqy7/U1VD35JBZM N2WdjCzNq4dr3MOGbd2xO4kxhIZh9ACdC4TgE6vn4v8hyOtX4oHmewK53nW2pqP0 lJPAy4X70kL8DyLip6C/FH5BavJ8CtJrLN0DnQmL9zk1BT67bcp4FzY00+6GSXXr qXmpCKahf5ot70TlHduy33c24bUUSEiNazjWtVRWYTjNbeyFfzkIdTS5bvGgUPNJ 23dbxUrSCDrEZmdWn3dmwL6vp9Y0CSHWLshg++vWnQWGgCPDkYQcWC8kzDuO/axN o/+ayAJbqejS1VQpiCOaHMwRuVHr16ZxoxBSca869NTcPyGA/Sl8dYFCSWo/Ih7I I5z0TLy6hrCYf1s4fuQLpzbm5kphsOxazsLgLL0KhcGycgav7PhSWEql8uqUwqje
lghZ0xBlcS2

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------b5M2UjONHbujRntJU4QN8INd
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMDYuMDMuMjUgMTA6NTEsIFNlYW4gV2hpdHRvbiB3cm90ZToNCj4gWW91IGNhbid0IGp1 c3QgdGhyb3cgcGVvcGxlIGF0IGEgdGVhbSBvZiB2b2x1bnRlZXJzIHdobyBhcmUgYnVzeSBk b2luZw0KPiBvdGhlciB0aGluZ3MgYW5kIHNheSAidHJhaW4gdGhlbSIuDQoNClRoYXQncyB0 cnVlIGluIGdlbmVyYWwuIEhvd2V2ZXIuDQoNCiogdGhpcyBlcGlzb2RlIGRlbW9uc3RyYXRl cyB0aGF0IHRoZXJlIGFyZSBvYnZpb3VzbHkgYSBmZXcgY3Jvc3NlZCB3aXJlcyANCmJldHdl ZW4gZnRwbWFzdGVyIGFuZCBEUEw7IEkgdGhpbmsgaXQncyBmYWlyIHRvIGFzc3VtZSB0aGF0 IHRoaXMgaXMgbm90IA0KYSByZWNlbnQgZGV2ZWxvcG1lbnQuIEFuZHJlYXMnIGlnbm9yaW5n IHlvdXIgTkFDSyBtYXkgbm90IGhhdmUgYmVlbiANCnBhcnRpY3VsYXJseSBuaWNlIChoZSBj YW4gYXBvbG9naXplIGhpbXNlbGYgOi1QICkgYnV0IGF0IGxlYXN0IGl0IHRocmV3IA0KdGhl IHByb2JsZW0gaW50byB0aGUgc3BvdGxpZ2h0Lg0KDQoqIHRoZXJlIHNlZW0gdG8gYmUgc29t ZSByZWFzb25hYmxlKElNSE8pIGlkZWFzIG91dCB0aGVyZSB0byByZWR1Y2UgDQphbmQvb3Ig c3ByZWFkIHRoZSB3b3JrbG9hZCBvZiBORVcgcHJvY2Vzc2luZy4gVGhlc2Ugb2J2aW91c2x5 IG5lZWQgc29tZSANCmZsZXNoZWQtb3V0IHByb3Bvc2FsLCBkaXNjdXNzaW9uLCBhbmQgcGVv cGxlIHdobyB0aGVuIGltcGxlbWVudCB0aGUgDQpyZXN1bHQuIFRoaXMgcmVxdWlyZXMgdm9s dW50ZWVycyAsIGJ1dCBub3QgbmVjZXNzYXJpbHkgYW55IHVwLWZyb250IA0KdHJhaW5pbmcu DQoNCiogSSBoYXZlIGxlYXJuZWQgKHRoYW5rcyBAcm9laGxpbmcpIHRoYXQgdGhlICphY3R1 YWwqIG1lZGlhbiB0aW1lIA0KcGFja2FnZXMgc3BlbmQgaW4gTkVXIGlzIGxlc3MgdGhhbiB0 d28gZGF5cy4gSW4gb3RoZXIgd29yZHMsICpzb21lYm9keSogDQptdXN0IGhhdmUgKnNvbWUq IHRpbWUgYXZhaWxhYmxlLg0KDQoqIFNwZWFraW5nIGZyb20gcGVyc29uYWwgZXhwZXJpZW5j ZTogRmlnaHRpbmcgYW4gb25nb2luZyB1cGhpbGwgYmF0dGxlIA0KaXMgbXVjaCBsZXNzIHJl d2FyZGluZyB0aGFuIGJ1bGxkb3ppbmcgc29tZSBvZiB0aGF0IGhpbGwgYXdheS4gVGhlIA0K ZWZmZWN0IG9uIGFjdHVhbCB0aW1lIGF2YWlsYWJsZSBmb3IgdGhlIHRhc2sgaW4gcXVlc3Rp b24gc2hvdWxkIGJlIG9idmlvdXMuDQoNCk15IHBlcnNvbmFsIHN1Z2dlc3Rpb24gd291bGQg YmUgdG8gd29yayB3aXRoIG9uZSBvciB0d28gdm9sdW50ZWVycyB0byANCndyaXRlIGEgc29t ZXdoYXQtY29tcHJlaGVuc2l2ZSBob3ctdG8tZnRwbWFzdGVyLXRoZS1ORVctcXVldWUgbWFu dWFsLCBzbyANCnRoYXQgdGhlICpuZXh0KiB0aW1lIHlvdSBoYXZlIGEgYm90dGxlbmVjayB5 b3UgY2FuIHRocm93IHRoYXQgZG9jdW1lbnQgDQphdCB0aGUgdm9sdW50ZWVyIGFuZCBzYXkg ImhlcmUncyB0ZW4gZXhhbXBsZSBwYWNrYWdlcywgZmluZCB0aGVpciANCnByb2JsZW1zIGlm IGFueSwgdGhlbiBjb21lIGJhY2siLg0KDQpGaW5hbGx5LCBhIHF1ZXN0aW9uIC0tIGFzIHlv dSBkb24ndCBzZWVtIHRvIGRvY3VtZW50IHRoZSBpc3N1ZXMgeW91IGhhdmUgDQp3aXRoIGxv bmcgdGVybSBwYWNrYWdlcyBpbiB0aGVpciBJVFAgYnVnLCB3aGVyZSAqZG8qIHlvdSBkb2N1 bWVudCB0aGVtPw0KDQotLSANCi0tIHJlZ2FyZHMNCi0tIA0KLS0gTWF0dGhpYXMgVXJsaWNo cw0KDQo=

--------------b5M2UjONHbujRntJU4QN8INd--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEr9eXgvO67AILKKGfcs+OXiW0wpMFAmfJmyIFAwAAAAAACgkQcs+OXiW0wpOt Qg/7BIwXk68GhKzwHEyy0iOpWZcUfQZ31tOWVRLG1pEAOwY6rZUCq8GT9cQS/KeEGLJIysZkEOuP B/gyWeI8Oyjkz7i8PKR0gVb337DnFC/ZIaaN6HZWAYcXWmMZ5cJ2kLBLjgjcoeNE5Hap8qpmoJWV giBATU0NEL6xjS0jx+kmRhDzeDNWKboiZX1YjpTDZGOwWVHGT3SW8sLCqcY3QwlhJjG6FvnmIy0z TEDr8jAOztUqfa//m4PbhyDSUwqmFvBinoAYSqhd9PlYrbigfIBxmITqPXY1E/+quhS5HKyGHWC9 iM2HBKZdRbJjeILI3GU3IDIW7yzIrzrTWSp7zJmerORg7GAo7D1Z866SO5F0fN3LnBxP94Yhn9Vs Vel+2xLlPz+hKirnnMT9uiHs99n3tkQWCF4OBYDwXoxOK+bXQMlbs5CCNKYP+cTbGqWfRbDhpUWH 42X+apEsm120OL96gj6meCYu11tCckz+yHPyFtDhtwuzgDeyPEm9fww4xSwL7caWMjK5+OzwIJ57 ckLOX4MwudkSHoxNdCePwXrdqCNpWsweyqedkJZmwmUb+phUWYWTrUMoeaJFzwNxq+zzgKrgGh+3 rv1n6jCHQ5bqrH6NmBI+lh24XplJx4wPWvLVgXSaaOyAnvwYVaU7aSf8H5eYciE/YsBEP4IsjqRj ibs=
=CX3U
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Charles Plessy <plessy@debian.org> writes:

Hi Sean and everybody,

Around 12 years ago, I proposed a peer-review system to increase the quality of
the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

Maybe we could revisit the idea along these lines:

I like this idea, as an opt-in service to prepare for ftp-master review.

I've been doing at least 25 NEW uploads for the past months, and debian/copyright is certainly the biggest manual time consumer for me.

I've learned some tricks to get it right, but I also rely on ftp-masters
to catch me when I miss something.

There are corner-cases where I would like to have a discussion about
some minor aspect, and I've been trying (although not always succeeding)
to not pester ftp-masters with these minor questions.

Having an opt-in service of people who want to perform ftp-master-like debian/copyright review of a package would be helpful for me. I don't
find posting to debian-legal serving this function, where the advice
received is often neither helpful or actionable. Using debian-legal for
this discussion would be fine, maybe that makes it more contributory.

It would also be good to write down some of the finer rules on some
aspects of debian/copyright, such as how to deal with public domain contributions, vendored stuff where there is a known copyright holder
but not mentioned in any file, how to deal with non-free DCO-like
statements, etc.

/Simon

- a Salsa group into which people fork repos and run CI screens for copyright,
license and missing source issues.

- a peer-review system based on issues or MRs (for instance to a master
repository with a text file tracing the outcome of the reviews).

- as of today people would use it to ensure their submissions to NEW are to
the highest standards and therefore the least likely to waste time of the
FTP team members.

- the outcome of the NEW processing of the peer review is also recorded by
volunteers, allowing to better measure the achievements and usefulness of
the system.

- The FTP team, if they wish, can provide feedback.

- when the FTP team calls for new trainees, applicants who have a track record
of peer reviews in that system can show it to the FTP team, who are free to
do what they want with this information.

- If the FTP team recruits someobody who was peer reviewer and liked that
system, a positive loop is made.

Have a nice day,

Charles

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfJk80UHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdFooerAQDArdH7bJuq 03VQns+uK8KzUzBWUbwmw1Rj2IIOXoBoiwEA2yi2gkQg1A1ndxdeyvQCOFTfhWZK mj/VKYNhayu1rA8=
=KyZr
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi!

Around 12 years ago, I proposed a peer-review system to increase the quality of
the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

For packages that I sponsor, I already do reviews of the
debian/copyright and all other files. These are recorded as Merge
Requests in Salsa. Perhaps the easiest way to achieve the workflow you
envision would be to have a field in the upload metadata that links to
the Merge Request on Salsa, so FTP masters can see who reviewed the
contents and if their feedback was properly addressed in addition to
reviewing the uploaded artifacts from scratch?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

Apparently the problem isn't that no help is needed but that nobody has time
to train the new help, citing possible burn-out trying to get answers from the
existing members and leaving in disappointment, if not disgust. (My interpretation …)

While that's a valid concern, it's a problem every manager of an overworked team in the world has faced, volunteer or not.

There are (of course) multiple ways to approach this issue. The point (and I
assume the reason Andreas basically ignored the team's rejection of new members) is that "do nothing until somebody has time to train new people" is
among the worst possible approaches: experience tells us that the most likely
outcome is "another team members quits".

You can't just throw people at a team of volunteers who are busy doing
other things and say "train them". Nobody wins, there, and the
candidates won't come back at a time when those volunteers *do* have the
time to do the training.

I don't think you are quoting the DPL above correctly. I think he had
good judgement, and raising awareness of FTP Masters team being spread
thin and needing more help in a Bits from DPL announcement is the
correct thing to do.

New people standing up and stating they want to help is a good thing,
even with the risk that some of those people would go away while
waiting.

I did also read the queue processing time reports by Matthias and
Timo. On a quick look I wasn't able to find stats on which FTP Master
team member has done how many reviews, but in my experience it seems
to rely on the heroic efforts of a very few people (thanks Thorsten
for all your work!), and having more people in the team would be of
great benefit for Debian, and rightly something the DPL should help
with.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu 06 Mar 2025 at 01:21pm +09, Charles Plessy wrote:

Around 12 years ago, I proposed a peer-review system to increase the quality of
the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

Le Thu, Mar 06, 2025 at 05:41:14PM +0800, Sean Whitton a �crit :

If someone wants to set this up in a way that doesn't increase ftp team workload but means packages have to be reject'd less often -- by all
means.

Thanks Sean, Thorsten and everybody else for the positive feedback.

I have prepared a stub for a "Gateway to NEW" on Salsa:

https://salsa.debian.org/newgateway-team

I added `Debian` as a team member.

I am under the impression that forking repositories will not be necessary: if we provide CI pipeline packages like the salsa-ci project, and smart ways to turn them on and off, then people can run their tests in their own repositories. I have some new r-cran-* packages to prepare next week; I will use them as a proof of principle. Everybody is welcome to be faster than me to test the idea.

I am not entirely sure on where to continue the discussion, but maybe we can try to leverage Salsa as much as possible for that as well?

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 7/3/25 12:29 AM, Otto Kekäläinen wrote:

Hi!

Around 12 years ago, I proposed a peer-review system to increase the quality of
the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

For packages that I sponsor, I already do reviews of the
debian/copyright and all other files. These are recorded as Merge
Requests in Salsa. Perhaps the easiest way to achieve the workflow you envision would be to have a field in the upload metadata that links to
the Merge Request on Salsa, so FTP masters can see who reviewed the
contents and if their feedback was properly addressed in addition to reviewing the uploaded artifacts from scratch?

May be this can go to changelog? As adding new filed may need tools and
people to adjust and can take a long time.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 07 Mar 2025 at 13:27:54 +0530, Pirate Praveen wrote:

On 7/3/25 12:29 AM, Otto Kek�l�inen wrote:

Around 12 years ago, I proposed a peer-review system to increase the quality of
the packages in the NEW queue. https://wiki.debian.org/CopyrightReview

For packages that I sponsor, I already do reviews of the
debian/copyright and all other files. These are recorded as Merge
Requests in Salsa. Perhaps the easiest way to achieve the workflow you envision would be to have a field in the upload metadata that links to
the Merge Request on Salsa, so FTP masters can see who reviewed the contents and if their feedback was properly addressed in addition to reviewing the uploaded artifacts from scratch?

May be this can go to changelog? As adding new filed may need tools and people to adjust and can take a long time.

If the public NEW-queue viewer at https://ftp-master.debian.org/new.html
is an accurate reflection of the files that the ftp team would look at
first in their internal processes, then the top changelog entry (but only
the top changelog entry, and not later ones), debian/README.source, or
the copyright file itself would be the places to put evidence supporting
the copyright file being correct.

A change history of problems that were reported and fixed doesn't seem
like something that would speed up the ftp team's work: if they feel that
they have to review a change history *in addition* to reviewing the uploaded artifacts, I don't see how that would take a shorter time than only
reviewing the uploaded artifacts. The only way this could help is if the
ftp team were willing to trust the information from peer review and do
a less in-depth review of packages that have had a positive peer review,
but I have not seen any indication from the ftp team that they would be prepared to do that.

So I think it could be better to frame this in terms of finding a good
place to put supporting evidence ("I know the licensing situation
in contrib/foo/ looks strange at first glance, but in fact it's OK because..."), rather than somewhere to put a change history of previous negative feedback being addressed. The ftp team don't need to know about
the existence of previous, wrong packages, they are only approving or
rejecting the hopefully-correct final package that has been submitted
for their review.

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

How about adding a new header field in debian/copyright (https://dep-team.pages.debian.net/deps/dep5/) called something like
"Reviews" which would be a list of URLs pointing to whatever public
system was used to record a review?

Then whoever reviews the debian/copyright file has easy access to
reviews the package maintainer recorded there.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Charles Plessy <plessy@debian.org> writes:

I have prepared a stub for a "Gateway to NEW" on Salsa:

https://salsa.debian.org/newgateway-team

I added `Debian` as a team member.

I am under the impression that forking repositories will not be necessary: if we provide CI pipeline packages like the salsa-ci project, and smart ways to turn them on and off, then people can run their tests in their own repositories. I have some new r-cran-* packages to prepare next week; I will use them as a proof of principle. Everybody is welcome to be faster than me to
test the idea.

I am not entirely sure on where to continue the discussion, but maybe we can try to leverage Salsa as much as possible for that as well?

Thanks for starting this -- could you re-enable Issues for the Pipelines project?

I suggest to use 'lrc' in the pipeline. I already do this for many
packages, and I just add

- https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml

to the debian/salsa-ci.yml file, see entire example file below. It will
cause a CI failure on any debian/copyright mistakes. Yes, false
positives happens, and it doesn't always handle Autotools projects with
a lot of generated files with complex licenses well.

/Simon

include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml - https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml

variables:
SALSA_CI_ENABLE_WRAP_AND_SORT: 'true'
SALSA_CI_WRAP_AND_SORT_ARGS: '-asbkt'
SALSA_CI_DISABLE_APTLY: 0
SALSA_CI_LINTIAN_FAIL_WARNING: '1'
SALSA_CI_AUTOPKGTEST_ALLOWED_EXIT_STATUS: '0'

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfLKzEUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdForr5AQDDKmblXHEW NX0t5YsuzNiuZt0Tt6SNelle51uyPbmjdwD9G0kvHSxdkYiserxOmUwTfssuopdx A36ggzhWD2/WvAo=
=sPYN
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format.

--nextPart2214882.irdbgypaU6
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

On Thursday, March 6, 2025 1:53:27 AM MST Marc Haber wrote:

On Thu, Mar 06, 2025 at 08:39:13AM +0000, Holger Levsen wrote:

On Thu, Mar 06, 2025 at 08:58:48AM +0100, Marc Haber wrote:

Marc. I'll take my Popcorn with salt please.

yeah, it's pretty funny to see a team burn out and have the same silly
& salty discussion about this again and again.

I apologize for trying to bring a smile into a heated discussion and
will now return to shutting up to non-technical issues.

I appreciated the humor.

Sometimes humor is designed to pick on people or make someone feel bad. I don’t
appreciate that type of humor.

Other times humor is designed to lighten a tense conversation in a way that helps
everyone relax and realize that maybe they could discuss a serious topic more productively if everyone wasn’t so tense about it. I find this type of humor to be pleasant
and helpful.

I felt Marc’s comment was the second. YMMV. :)

--
Soren Stoutner
soren@debian.org

--nextPart2214882.irdbgypaU6
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">On Thursday, March 6, 2025 1:53:27 AM MST Marc Haber wrote:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; On Thu, Mar 06, 2025 at 08:39:13AM +0000, Holger Levsen wrote:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; &gt;On Thu, Mar 06, 2025 at 08:58:48AM +0100, Marc Haber wrote:</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; &gt;&gt; Marc. I'll take my Popcorn with salt please.</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; &gt;</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">&gt; &gt;yeah, it's pretty funny to see a team burn

Le Fri, Mar 07, 2025 at 06:21:53PM +0100, Simon Josefsson a �crit :

Thanks for starting this -- could you re-enable Issues for the Pipelines >project?

Hi Simon,

I have enabled the issues in all repository. It seems that Salsa's
policy is to have them disabled by default.

I suggest to use 'lrc' in the pipeline. I already do this for many
packages, and I just add

- https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml

Looks good!

Yes, false positives happens, and it doesn't always handle Autotools
projects with a lot of generated files with complex licenses well.

Here we are in the context of entirely new packages, so we can explore
the idea that packages need either to be licenserecon-clean, or to
include a note why they can't, in order to get a review. For instance,
the form to request a review (issue, MR, or service counter, I am not
sure yet), could contain a checklist item about this.

By the way, Simon and everybody elese, please feel free to ask for
elevated Salsa priviledges as soon as you need and as long as the list
of admins does not look already too long to you.

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from work, https://fediscience.org/@charles_plessy Tooting from home, https://framapiaf.org/@charles_plessy

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Charles Plessy <plessy@debian.org> writes:

I suggest to use 'lrc' in the pipeline. I already do this for many >>packages, and I just add

- https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml

Looks good!

Yes, false positives happens, and it doesn't always handle Autotools >>projects with a lot of generated files with complex licenses well.

Here we are in the context of entirely new packages, so we can explore
the idea that packages need either to be licenserecon-clean, or to
include a note why they can't, in order to get a review. For instance,
the form to request a review (issue, MR, or service counter, I am not
sure yet), could contain a checklist item about this.

You can add exceptions, similar to lintian overrides, for known false positives:

https://salsa.debian.org/debian/gssproxy/-/blob/master/debian/lrc.excludes?ref_type=heads
https://salsa.debian.org/go-team/packages/golang-github-sigstore-protobuf-specs/-/blob/debian/sid/debian/lrc.config?ref_type=heads

I use it for a bunch of packages, although I have to admit that on
complex false positives I tend to disable it rather than trying to
figure out how to write the exception file and/or file bug reports (bugs
which tends to more often tend to be in licensecheck rather than
licenserecon).

It would be nice to add this to the standard Salsa CI pipeline:

https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/395

The difference of having a 'include' statement in debian/salsa-ci.yml is
not that different from adding some 'variables:' to enable a lrc-job, so
it is not critical to add it to the standard pipeline. Maybe if more
people start to use it we gain more confidence in it as a useful tool,
and later on add it to the standard pipeline.

/Simon

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfMBHoUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdFonejAQDdpw9lvN6y WR0lYeBWeTc9NMgahiEVuZarqpfVVvtc2AEApL+qJYZoF9vOUMgESO5KLZnuZ+B+ 2rB5hTI6a+J4Hgg=
=Nx+1
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Thu 06 Mar 2025 at 01:54pm +01, Matthias Urlichs wrote:

* I have learned (thanks @roehling) that the *actual* median time packages
spend in NEW is less than two days. In other words, *somebody* must have
*some* time available.

It is almost entirely Thorsten.

My personal suggestion would be to work with one or two volunteers to write a somewhat-comprehensive how-to-ftpmaster-the-NEW-queue manual, so that the *next* time you have a bottleneck you can throw that document at the volunteer
and say "here's ten example packages, find their problems if any, then come back".

The docs are public: https://salsa.debian.org/ftp-team/manpages

Finally, a question -- as you don't seem to document the issues you have with long term packages in their ITP bug, where *do* you document them?

There is a notes system in the 'dak process-new' command.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfNGgwZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQCyND/924iYnW4Mqsmaxn0YBYmsU L6zhAGZd1ZGhHohRRN41DHhRl/2R/PfxPXF7HXjQEQjtZs/jyB9ugov84Ekeimxb t6P3bySaGIAiWz5ME1CHtlqvu+Xz7CJPq9kesycTS6trxaftiIS6rGJaf9PuEufK oLROJAv3gARed/tHgnW9+RYJdH1zBgTyk61KzB3PT+aCBPugubDP9iuFcDctAS5e 3vizUzrTUBV+qJJVhUSPGMz/YFIHEo+559POCV35E9H9kLeNk7CY7q7vxg+8j6aV UOwZJk4Y4ChWuoXkO6pCv1H3FcJVSt4Ys2NaSO9OwlmTfBqhHj/y2zT1cxHViXzW /oipFh5HYq+oi+YeaawCU/M5C7QkT1UhwwbvMreFoSfAQTFzwmn+JB2hgAzt43Lb NFY4PKb4I8ChsCs45FfxzKDGADQr3zp2SQi9xLazY0i75SKkDHQ1wHnltp02tnuw ReGI69eU/llTs7Q8qRF9CDrJJr7zBT/h4DyGVlKpu2OhS7R2ApgdM6eHXknSqFfL DhA2QQpyIw7joKPGUfWr/x8bnFC2zHNB2bIDvWs8/b4KbAyM/c6uKe87yCYYEg4M DQD6r0mYyEoF+VQux+wvzpvU25BvbFa7eApuRgTBsdscz2D0Tr7QdBl77tqrzL+Q Ud0k39ZUQUCyMzSz33GhbA==9rWf
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

Hello Charles,

Thanks. Please put prominent links to these three places:

- Policy 2.3 -- this covers 90% of my NEW rejects

Based on my experience processing NEW, a lot of DDs don't seem to
really have an understanding of the requirements explained here.
Including me, before I joined the ftp team.
I updated this section to try to capture what I learned.

- Policy 12.5 -- covers some of the othe REJECTs

- the REJECT-FAQ.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfNJUMZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQA4CD/9texLgUKDHp8LCILl3EgXX e+z4t5iMJYYrCR/z5+AZTyseJR8aKPMlDP5VWqPq095NK4xdph89kXwO7CmSc3uz M8oEjzo08LUTMPsWxeZwmeXKpI7O1yUL1qOF4n550wwWN7gHoO/t4DgQ+rS1qJYc jLpJ6Zi9+NqeT+7HyPDl1j9zfy8YXhnVv1ZVDyu+S4M1//Nfg/KaJgDw6GQZNUMZ t9YHreEsr8xLZnZb0bbnNndzhFrLtYGyCEkmlVjUnnfaUmd5YKg5RHTtpmGlJ2XD zoyYcdk8YAK5Ziw/yyNE6ClglXmDD97YG7Gm6vNaid9x/KcfbN1Q/rNl0pyi0zdw L3kzkHWMt+R+RU/HpY8NlyR3ISXIj614FVcsw0ISbw+/vmUeUwaJwZ54V9fgqP3F 7DCOERi1M/3RUg6UFanfcb1ejrsTZEUm8fU2Fz0MFq2Rp47pmzXD1p2oBCyKTsJr JFQzRV6+Qq58KXikskixzlWRa4zJZUGWFfGwhSRRmRmuHn8/dfLZFy/t2JrgDMqO Ftc3fG8/jyLVSvUs2UHKt4d0g96pCRL7T9/HYdutbmObC7TrO9E+1cWwhhaAn2mK z7sfggbMZ9CtiZwFTR9KxlyV6js9An0XNSks+UJAzko/ZLl4UF8huh6lHCtCT2dp uCY1C7Y6ipGNs4kTPMITYw==2Vg3
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

Hello,

On Fri 07 Mar 2025 at 10:11am GMT, Simon McVittie wrote:

If the public NEW-queue viewer at https://ftp-master.debian.org/new.html
is an accurate reflection of the files that the ftp team would look at
first in their internal processes, then the top changelog entry (but only
the top changelog entry, and not later ones), debian/README.source, or
the copyright file itself would be the places to put evidence supporting
the copyright file being correct.

Just to note that this order is not the order in which they get
presented to us. Instead, there's some logic in 'dak process-new' to
try to sort them helpfully.

It's got some issues, like if a package has a note attached to it then
it gets sorted last, the idea being that the person who left the note
hopefully will get prompted to look at it again in response to an e-mail
from the uploader. That causes things to get stuck at the bottom for
ages, though.

There's command line options to change the order a bit; I think
basically we can choose whether or not binNEW packages get sorted first.
I have that turned off in my shell aliases; I don't know about other
team members.

A change history of problems that were reported and fixed doesn't seem
like something that would speed up the ftp team's work: if they feel that they have to review a change history *in addition* to reviewing the uploaded artifacts, I don't see how that would take a shorter time than only
reviewing the uploaded artifacts. The only way this could help is if the
ftp team were willing to trust the information from peer review and do
a less in-depth review of packages that have had a positive peer review,
but I have not seen any indication from the ftp team that they would be prepared to do that.

Yes.

So I think it could be better to frame this in terms of finding a good
place to put supporting evidence ("I know the licensing situation
in contrib/foo/ looks strange at first glance, but in fact it's OK because..."), rather than somewhere to put a change history of previous negative feedback being addressed. The ftp team don't need to know about
the existence of previous, wrong packages, they are only approving or rejecting the hopefully-correct final package that has been submitted
for their review.

Comments in d/copyright or d/changelog help.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfNI7YZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQG5DEAC8W4mSsRAPAPLjTXLW9X5s QwdBeLASVi1NgGb9ipH99P99TDr0LRWrp8RcRYsm+X15WX0OMIE7FnIbeL2IvHhT T4ttz0A44uqAgpAzXHPszz3u84KR8lTpJzsOGj9Lv3kLGVEUm8veuHDvBnKOZwxX 9AZKY99KlM1ZeVqbQVwJOHsMfGq3jdSsgiUd+HjXJKKzwlvTkYFAYv8HM797vz8R eX+iW4wiZ64YNvGTnCM7ee9RhkJbKglMZDL7B42Mo2nLq0Mpaiej3qgEVvQI2J5y xzwuHWexEuehEyKnxY5sHXQhOFcRL5RSan0H2BU19L2iN3FEvfKdyA4pFmd/TXrL GM4qBEOjgsPeru82fgWcwsJbM8N/VG1wF6wuFRpUITeIPRra/NAV7poGfD6CGCc/ f2ezOdbaJ8+YLKbzgBh5c6JD5hUp5B+oJAKS8AD4EFS6QJ6BL2MemIhWVtGP/UkP yW/kJvTVkfrPOtrZxPGkvFENeWCw4IWBlbYzuDzvHUDdqFMUEmwlW5fHfaOYsssG nv8C97JyIP8b6UokdeQAEPTG5JWSfziN5t47RrFVGT0UNSsB9oEa4/mCueHSejTx XUSNofoVe0qMp3O6sArj4PNmcrpvOwh632rxlawgRggGA7rbrpEatlhYJycKN86F T5QbwcAntxyf5opsF/CXSQ==Dsvp
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

On Fri, 2025-03-07 at 09:51 +0900, Charles Plessy wrote:

I have prepared a stub for a "Gateway to NEW" on Salsa:

https://salsa.debian.org/newgateway-team

I've got a couple of questions:

Am I correct in assuming that each package to be reviewed will be an
issue under the "reviews" repo (and possibly also mention the relevant
package maintainer there)?

Will packages be reviewed upon request, or will it be fine to pick out
packages from the NEW queue and review them to assist FTP masters?

Thanks for working on this.
--
Maytham

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEESl/RzRFQh8wD3DXB1ZeJcgbF8H8FAmfNZtcACgkQ1ZeJcgbF 8H9W5g/9HOfNlHdQyo5aji44JhKHDt3ZpwCC6l0/Ys7iQZlxEmZXqZcASjsxNoJb Mw6sHODjxvAJZVptxwSxWcho7Tguk/p7j62GNUaHCY42KHFBTUBQ2kAPw9+O2Vup HDC12QrNXRdJx9S1MkI/G0/GAD8zvQWvZpr7deRJpeci7ztKnZ8irbWDdhdfS/uh D8MBUNhXsZe//lyH6wgBqT4/Jhxutsl4WvxZeb+MdWr+albcEjKky8/K0VEs99OA 4zNP44kxGy4JWik9cw+6L2YZCWlZTRsEnGzNu8Pmwms/p6bvbB3G4f8fVCV3RKht gXgKuvBFBpZXYYlbbZP5+il+vM8thwnyrylDhDzOone2EzzPrbWgKIM9eVz3nJwB efXCCXe+LRk9zD+uzs0eZfTTG0IFFavUlcPxWJnyKO5Y8YqC9JJkdqp3I8Vy5aKB uIWmGiLRd34xt29yK/PccSzF+60/2sDb+UGk8czL9Y69GI8YUlGD9N5Gzzhxy1A4 nhINI+iggmvsJp6CVY1NV4xAihWG+/Er9e2cqums1kbmFJFo1/T6QRE9+smBvXDN yFVzrRt1Fk53/7dPS2mOxDIDaE5392tTe9qnyKmJFvcNxPQCRvIxd7fe6n2y7g20 hl4SJQmjE1ccx2eVK6cVP7kPxC8LTJW48bMYEhPWnN7aCPCoBQ0=
=rDgR
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Sun 09 Mar 2025 at 12:17pm +01, Simon Josefsson wrote:

Sean Whitton <spwhitton@spwhitton.name> writes:

The docs are public: https://salsa.debian.org/ftp-team/manpages

Those are helpful even for me as uploading packages to NEW! I wish I
had read them before.

Mmm. They sat private access only for ten years, but when I joined the
FTP team I worked to get them published.

Is there any policy to forbid or accept uploading two packages A and B
at the same time to NEW where package A depends on package B?

No such policy. 'dak inspect-upload' is meant to highlight unmet deps
in red so that we don't ACCEPT them in the wrong order, but we often
miss it.

IMO it is the maintainer's responsibility to ensure that NEW+unstable
together is always all installable, if you see what I mean.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfNfFAZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQPyeD/92Nl2aLxdtpJRzuO+uNmSi eZukgeSuTjl7i+/t9beuf/RIk2KfA+YJZ4Pef8/x62PSzCkrzDJmA9UVZ/q7a59w GnYO0OrKxMZhJF7JL9R3Zj0vOaWF6aFuh+aONyv9jYVrAQyZRBxlqBJ0ownJh5Qq oR5G8RtiSaQuiXt/F1x+zH7nuOlOaLTSZvgBWU/iuBGMej69nZij2G4gsq/3fgJ+ jxFUD5j7IUEbkmYdVS9kfCkFZ4DMQnJzuMXZuuyCTXSX4VEKjrCT9aV+VbOiZVLv jpwUZYDqHJXP6RSswHcZ/OY40UiyKgXNudLOVEf15l6rLL8c1TvYSPkJPKjq4X1T 5kFEkjDKhuX1cG4O7o3R9DXOp38uQYTrneGg/haTG2E0imUF4QlU9FIpjlA8vYfv oi/NsVZ3yQ0Dmgg88+g2Ws03hsViBLtzuouD/3/AybF3qMjsdDmP42y4Su69x+Jx nxyyWaCRQUKJ7EEjSj9bctvTTQjkei1JKEcY8Z36dZFq/RWskQLXtcI7bdzWMuPJ DejdEuxboPH2il6acJQyQVPowjWbfUBaq/F/iHuXhV7R2+De4SMIyTn/vwLje51m wmiTtOEdXfuV0ps50KM/xy6o8tDJhHcJhiuEkSQXhpST9Msfb2MGxR++Sjrwd4K0 IfGgJSTwEfmdrnpmagF0cw==wdMD
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

Sean Whitton <spwhitton@spwhitton.name> writes:

My personal suggestion would be to work with one or two volunteers to write a
somewhat-comprehensive how-to-ftpmaster-the-NEW-queue manual, so that the
*next* time you have a bottleneck you can throw that document at the volunteer
and say "here's ten example packages, find their problems if any, then come >> back".

The docs are public: https://salsa.debian.org/ftp-team/manpages

Those are helpful even for me as uploading packages to NEW! I wish I
had read them before.

Is there any policy to forbid or accept uploading two packages A and B
at the same time to NEW where package A depends on package B?

I am guessing based on earlier e-mail interactions that this causes
problems for your review workflow, so I've stopped doing simultaneous
uploads and instead upload package B first and then wait for ACCEPT and
then upload package A etc.

That policy lead to a slow migration path, since for many Go packages
the dependency chain of NEW packages can be quite deep. If I recall
correctly, I had this dependency situation earlier:

sigstore
-> sigstore-go
-> cosign
-> gittuf
-> gitsign

It would be nice to clarify in those documents if indeed there is a
policy on this. It seems surprising to me, since it would make it
impossible to get a set of NEW packages which have cyclic dependencies
into Debian.

Of course, a more gray situation like "we don't want to forbid it but it
causes us more work so please don't do it" is perfectly fine too.
Writing that down helps people do the right thing. The question has
come up two times for me when sponsoring new Go package uploads.

/Simon

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfNeOcUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdFoq3IAPwKQY/G+KxZ 3bRfnMw9K1mBHmvEchNuWrzHrebpGzI7xwEApqPmY3mUaecrQxhBobXxlF7rAzoD wYgqK8jbrQeIhgI=
=/Ruh
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Sun 09 Mar 2025 at 12:38pm +01, Simon Josefsson wrote:

What should I do if NEW+unstable becomes uninstallable during the NEW
review period?

Do you want maintainers to re-upload a newly built binary? I've never
done that, but doing so would make sense if you really want maintainers
to ensure that NEW+unstable is installable.

A binary Go package can have 500+ build dependencies transitively, and
the chance of all of those packages staying at the same version in
unstable during NEW review period is pretty slim. I guess that you
already work around this, because I have only very rarely gotten REJECTS because of this reason (guessing max 3 times), and I know the situation
must have occured for several packages that I did get ACCEPT on.

Hmm, your answer makes me think that I didn't understand the question correctly.

So, a more general answer: we mostly care about individual packages and
rely on maintainers and britney to care about how they interact.
But if we see something which seems obviously like introducing breakage
we'll probably ask you about it, and if you tell us it's fine, we'll
probably go ahead.

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfNf+oZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQM1TD/4sauispKfgaELpcJ2QpUOh wvD+RFjCjJfqHwSyouwCstDAd6jMllrIllwifmo/5n+9oP/SgcDHTfV2bI+dJV0m NajS4Pd6+rs7X/sBi35sXUYdBM6d2NY54x5v165WPcBBicLwhw5asrLcCfJCWFvw rNJS5WbHlj8m3Z58fmzSy/lxOsHVMEF3N5oSQd7HA0Deb6PAkXAe9eRD8o+2V8/t JvU9o8SH2MGEGMAU5w4/4t2KfXBCBwzrfeSN0GNlyWtMKVohidaM5t+B/CCuC8Xt Seu1By93FzG7UtjwApKdM3Juhd9SL913fIxaMTwSwupBBCheYnkDciaRMT2/VXeD XeNf2Du5GtgQxw7x5t++89MVyzLh3PGopN9l5+g30IibsihmAlFGuee1h+LbQa5w WJcR6asOydtjBE33KpXoxqs/Q5we1/cDo+f2pV8NBF1UKDkXfFBWJeHm6OeVPNNQ vC+I3t4mQSJskYOQnpklqSpNHFEkHSA8JRk1NZO27JaG4K+KBy2VfDB8OPlRevQw cG9OQy9uZNjsZO1R3FJpNHyyKdHvo017V6qWf0xpnYsD2G8VxjfC1J6fdMA1d4Ul VRYeiOg8S6MlQQdkstInn/VdaI1GhSwmh/GrM+GaijY8zf09BOcH7tdVqEbPAKRE gUPcTD8CPiWE8TEVOOVy8Q==coea
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Us

On Sun, 09 Mar 2025 at 19:32:32 +0800, Sean Whitton wrote:

IMO it is the maintainer's responsibility to ensure that NEW+unstable >together is always all installable, if you see what I mean.

Do I assume correctly that this principle can be weakened for
experimental-NEW?

As a general principle I think uploads to NEW that are more complicated
than a completely new leaf package should usually be to experimental,
unless there is a reason why this specific package can't (for example if foo_2.0 is already in experimental and now the maintainer needs a
package-split or a new SONAME for foo_1.2 in unstable). A lot of the
time the NEW package will need a new sourceful upload after it's been
accepted *anyway*, to get a source-only upload that can migrate to
testing - and if the package is in binary-NEW because it has a new
SONAME, it's better to have the maintainer and not the ftp team be in
control of the point at which it hits unstable and starts a transition.

Does the ftp team agree with that as a general idea? And if a largeish dependency graph needs uploading together, is it OK to upload them all
to experimental-NEW, with the idea that if the ftp team accepts them in
the wrong order they'll just sit in BD-Uninstallable status until the
whole batch has been processed, with no real harm done?

smcv

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sean Whitton <spwhitton@spwhitton.name> writes:

Hello Charles,

Thanks. Please put prominent links to these three places:

- Policy 2.3 -- this covers 90% of my NEW rejects

Based on my experience processing NEW, a lot of DDs don't seem to
really have an understanding of the requirements explained here.
Including me, before I joined the ftp team.
I updated this section to try to capture what I learned.

- Policy 12.5 -- covers some of the othe REJECTs

- the REJECT-FAQ.

Might it be worth linking to those policy sections, here perhaps:

https://ftp-master.debian.org/#rejections

and then linking to that from the NEW summary page.

People looking at the NEW summary page are quite likely to be wondering
if they may have done something wrong, so will be motivated to follow
the links, and might even manage to notice a reason for a rejection by themselves, and fix it unprompted.

Cheers, Phil.
--
Philip Hands -- https://hands.com/~phil

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmfOwBcACgkQ0EujoAEl 1cDj5w//W6tcIbG2je076fEqSYSNZgEEAd03makT+pTnBEPYd3C2HtLvDXqeFbWt /XXdeqB44TC0CMC7CFb3w165QCFBcSNi+WU1VcydGlp25xImpPCu1ch02GKqSA12 26T4yjiaon0NE35YHjWDL6LYp6gUEvHBO8XuNnXfwqqUwVpkOBm3y3VBI3HhZ9PL ml/NC5Tz3FJZRnQPPpJ0o+bC0QOzQqN+lQa0PHyq9YPm6GHdeDcEX37NovDAE3yt 0F1ieA4mCFO4UtQ9T+879WgMuuhbgZXwYTPM3oZXdTPNp1cLj27zPG3ADn0Y4s/p mb5AEyyOrV6l7oc/GbK4c89CUw8queWnKunHkG8ACPzLvC/4vs4GY1R+ZgU6qylM o6DW0Gf4eGvs8Dp1c2qTmjPEswNouAptvukQ7M/vgTKbJeKI3T1p6Emvxup1Yual nP2P+BWRjLa4sxD1yf1itGeTOYZRgIFt0P+0lZsJlGkL+VeXSJo5N9atHmwAP8Ft Yb/EdSOjFzKi/kBfLl4hxdUyK6+UKk3Xti4xohIiLcuulxc60ELRatH+jom8AlXG D0V2A3Pdun0erg50EF2ySUWaBh1oCyOiCBnt25zX5Yu5viJE3neFaaw74IpQ4kSy InUvfryE0CsBDO4ri1N4QYGHQNpD2p6so3Hiu6KHpdSdnHCOQxU=gIfo
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gatewa

On Fri, 2025-03-07 at 09:51 +0900, Charles Plessy wrote:

I have prepared a stub for a "Gateway to NEW" on Salsa:

https://salsa.debian.org/newgateway-team

Le Sun, Mar 09, 2025 at 06:00:55PM +0800, Maytham Alsudany a �crit :

Am I correct in assuming that each package to be reviewed will be an
issue under the "reviews" repo (and possibly also mention the relevant package maintainer there)?

Will packages be reviewed upon request, or will it be fine to pick out packages from the NEW queue and review them to assist FTP masters?

The way I envision it, is that people will ask for peer review before uploading to the NEW queue. One of the reasons is that we will provide CI pipelines and checklists that assist the preparation of the `debian/copyright` file, and once the maintainer has used that system, requesting a review will be only a few clicks away. At the moment I have the impression that ussing issues is the easiest way, but alternatively Merge Requests on the file that tracks packages and their reviews could work too.

I have made a very simple proof or concept here:

https://salsa.debian.org/newgateway-team/reviews/-/blob/main/README.md?ref_type=heads

I have not finished to collect the contents of the checklists, and I am just at the beginning of learning how CI pipelines work on GitLab. People intersted in making the NEW gateway happen, your contribution is most welcome! It can not be the pet project of a single person. In any case, I will use it for my packages
and will do my best to convince my team mates to do so too :)

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Charles Plessy <plessy@debian.org> writes:

On Fri, 2025-03-07 at 09:51 +0900, Charles Plessy wrote:

I have prepared a stub for a "Gateway to NEW" on Salsa:

https://salsa.debian.org/newgateway-team

Le Sun, Mar 09, 2025 at 06:00:55PM +0800, Maytham Alsudany a �crit :

Am I correct in assuming that each package to be reviewed will be an
issue under the "reviews" repo (and possibly also mention the relevant
package maintainer there)?

Will packages be reviewed upon request, or will it be fine to pick out
packages from the NEW queue and review them to assist FTP masters?

The way I envision it, is that people will ask for peer review before uploading
to the NEW queue.

Could you explain how I would ask for review of a package? I re-read
this thread, and the newgateway-team homepages, but I still don't
understand how you think the process should work.

Could we test the process by reviewing 'litetlog'?

https://salsa.debian.org/go-team/packages/litetlog/

It is already in NEW queue, but maybe more eyes on it will catch
mistakes before ftp-master review. It will help me understand what you
think the process should be here.

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfQWRQUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdFonXQAP9zMdO+KUng XU3kOVkAVCSDMZ/dWN/TeKieHKLa1DMo6QD/YDsjdv2DlYkzGGiVZPIRM8AKNPpp Bv2sv3uOGRABxgc=6iGg
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le Tue, Mar 11, 2025 at 04:39:00PM +0100, Simon Josefsson a �crit :

Could you explain how I would ask for review of a package? I re-read
this thread, and the newgateway-team homepages, but I still don't
understand how you think the process should work.

Could we test the process by reviewing 'litetlog'?

Hi Simon,

I have just drafted a workflow in

https://salsa.debian.org/newgateway-team/reviews#how-to-request-or-make-a-review

which I quote here:

0. (We are in pilot phases. Improvements of this workflow are welcome)

1. The package maintainer adds the
[pipelines](https://salsa.debian.org/newgateway-team/pipelines) to its Salsa CI
file. (It would be cool to have a _devscripts_ script for that.)

2. The package maintainer opens an issue with _Review_ template (shall we
just make it default?). Salsa ID pings in the issue can be useful for
exchanging reviews.

3. Once the checklist is clear, the maintainer uses the create merge request
button in the issue page, to add the package in the table below. (Or just
editing the file directly is fine?)

4. Somebody merges the request after verifying quickly that the checklist was
properly addressed.

5. Reviewers open issues with the _Review_ template. If problems are found,
they ping the maintainer with their salsa ID in the issue discussion. Reviews
end by adding the issue ID in the table below via a MR to be accepted and
merged by the package maintainer.

6. Once all reviewers thumbs are up, update the table below (with or without
MR), and upload to NEW.

7. Once the package leaves the NEW queue, record the outcome in the table below.


Surely, please join the tests with litelog!

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 2025-03-12 at 09:52 +0900, Charles Plessy wrote:

I have just drafted a workflow in

https://salsa.debian.org/newgateway-team/reviews#how-to-request-or-make-a-review

which I quote here:

0. (We are in pilot phases. Improvements of this workflow are welcome)

1. The package maintainer adds the
[pipelines](https://salsa.debian.org/newgateway-team/pipelines) to its Salsa CI
file. (It would be cool to have a _devscripts_ script for that.)

I like the idea of pipelines that only create artifacts, without
creating a pass/fail result that affects the package's overall CI.

2. The package maintainer opens an issue with _Review_ template (shall we
just make it default?). Salsa ID pings in the issue can be useful for
exchanging reviews.

3. Once the checklist is clear, the maintainer uses the create merge request
button in the issue page, to add the package in the table below. (Or just
editing the file directly is fine?)

Wouldn't using an issue's open/closed status and tags be sufficient
rather than MRs for each issue? For instance:
- open = not in the archive yet
- closed = in the archive / abandoned
- tag "passed-review"
- tag "accepted" when the package enters the archive
I also suggest using a standard naming scheme like "package/version"
(e.g. "r-cran-multitaper/1.0-17-1") for easy lookup of packages as well
as different versions (for binNEW).

Then, if ftp-masters want to check for a peer-review, they can just look
for the name of the package in the list of open issues, named with a
standard "package-name/package-version". 

And if the table in README is still necessary, then (I think) a CI
pipeline can update it from the issue data.

4. Somebody merges the request after verifying quickly that the checklist was
properly addressed.

5. Reviewers open issues with the _Review_ template. If problems are found,
they ping the maintainer with their salsa ID in the issue discussion. Reviews
end by adding the issue ID in the table below via a MR to be accepted and
merged by the package maintainer.

6. Once all reviewers thumbs are up, update the table below (with or without
MR), and upload to NEW.

7. Once the package leaves the NEW queue, record the outcome in the table below.

Some definition of scope would be useful (e.g. "we don't check if the
program runs or if the package builds (that's the responsibility of the uploader), we just do the same checks as those that happen in the NEW
queue").

Let me know how I can help! I enjoy reviewing copyright files, so if any
arise, please send them my way :)

--
Maytham

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEESl/RzRFQh8wD3DXB1ZeJcgbF8H8FAmfQ+oYACgkQ1ZeJcgbF 8H+bvg/+L1dYfLb01J545hy99CbexurchaBS0h5s5x446v8WGw8UEw/UOGPDE+xJ 0RvvT/+YXDg3Siy81rJD/tPYdhVzguYUIqqhQjpTXr+8aiQspLMHxGG+ZZp4YHCB g1oG83Uf1OFlJFdHsibEcTJqS6amBPpt6OScmbPBM+IIRrrAo4Tf8AgbUJ09Cg+U TkXpchOTORlhnOAuATRPkR/Xn6CDYhRqXms+LuXbD1CV6rMrHj4fz4YEFyELWwXH lRZyNV+g5Af0i/B7ot1wmTKskcd2AzeWU71oPS9dwL7xqkUHlpEMAq8A7CV6G5Gz UR8Ure+pxdaXk0via9kLos+2KxO1UqmvXhz4HtfsQrXjtwh0rrBx2QauYMfPigyu K6SCI/8NXobc1mHWaajCT/uX9299ZV2qiKdAmzSgVZnqEy1JXY/fX0HvIELOsbWV HYcCnoSibdONcKM8vXFSwrYTSR7MSXWJrmb0hRwx9YL4GmzSmyWy3IgNT+gf//Uj M/jaiBz0UDpnPkNoHvg9ANsN2RjkJSPsT4nGmjQseDEz68REPQgik0A9Uet92wax 3RAFfc39YAJW5hlHq3GZix9epX3QZQohh3kGH7a0kw39U7hbDYccuu9UGjtNBoF5 G7eTd+goCXZll9J0wCqur0EIYdF2+5v3ix5l1B663eEDINGVyR8=
=RxtP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Maytham Alsudany <maytham@debian.org> writes:

2. The package maintainer opens an issue with _Review_ template (shall we >> just make it default?). Salsa ID pings in the issue can be useful for >> exchanging reviews.

3. Once the checklist is clear, the maintainer uses the create merge request
button in the issue page, to add the package in the table below. (Or just
editing the file directly is fine?)

Wouldn't using an issue's open/closed status and tags be sufficient
rather than MRs for each issue? For instance:

Yeah I also find multiple issue per package confusing. With one issue
per package, it is easy to add comments to the issue explaining what has
to change, and to discuss those changes. The top-level summary can also
be updated to summarize current status.

- open = not in the archive yet
- closed = in the archive / abandoned
- tag "passed-review"
- tag "accepted" when the package enters the archive

Right, tags can be used to even further summarize things.

I also suggest using a standard naming scheme like "package/version"
(e.g. "r-cran-multitaper/1.0-17-1") for easy lookup of packages as well
as different versions (for binNEW).

+1

Then, if ftp-masters want to check for a peer-review, they can just look
for the name of the package in the list of open issues, named with a
standard "package-name/package-version".�

+1

And if the table in README is still necessary, then (I think) a CI
pipeline can update it from the issue data.

Doable, but I'm not sure that complexity adds anything.

4. Somebody merges the request after verifying quickly that the checklist was
properly addressed.

5. Reviewers open issues with the _Review_ template. If problems are found,
they ping the maintainer with their salsa ID in the issue discussion. Reviews
end by adding the issue ID in the table below via a MR to be accepted and
merged by the package maintainer.

6. Once all reviewers thumbs are up, update the table below (with or without
MR), and upload to NEW.

7. Once the package leaves the NEW queue, record the outcome in the table below.

Some definition of scope would be useful (e.g. "we don't check if the
program runs or if the package builds (that's the responsibility of the uploader), we just do the same checks as those that happen in the NEW queue").

+1 -- that is the responsibility of the main Salsa pipeline, I think.

Let me know how I can help! I enjoy reviewing copyright files, so if any arise, please send them my way :)

I hope that we can find some problem to fix in the `litetlog` packaging
when I submit it, arguing for the awesomeness of this effort :)

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfRSe4UHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgIBQkLehFUAAoJENc89jjFPAa+CboA +wUa06RD5e5VTCxvSWtPS75Wq2qBeYGZnf0jvUMxa2n4AP4xkUeAPPnNuMsTm2fs FCDIGaEM2Yn6Vb2huzzT1Fw/BLgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZf2IKwUJC3oQqgCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+GcYA/26YQY05bLtnXiIjTiAzrGQrRXxTHPA8Av7TDFHvIetWAP9s HSoU8OfTwmTiEnGwLlsV7QJclZg3YNz/Ypcp9TqQBrg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJl/YgwBQkLehDGAAoJENc89jjF PAa+phoA/jrDqIrl/55vUMBhIQv+TP635d2iCTEnyFmbUcP9+gh6APoDsXalVd2c OGxQtSC+TF8PkZMn1TLkJKAjVxr+xx40AgAKCRBRcisI/kdFonFTAQDafbGZoXI0 Jz5NfSMwRX/wCUAil0F7ENwYkY/ZOvjW4QD/YJVGa2ba9g6fasiYE3zTfZlCRDik 7v2mtwtAtUA3xgU=GSX2
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi all,

Following Maytham and Simon's feedback, I now propose a workflow that is purely based on issues. The default template is a checklist to guide the reviews.

<https://salsa.debian.org/newgateway-team/reviews/-/blob/main/.gitlab/issue_templates/Default.md?ref_type=heads>
(please bear in mind that it is work-in-progress)

I think that it is best to have one issue per review, and therefore per reviewer, as it helps transparency and accountability. If there would be one log with three persons discussion and rebutals mixed together, I think that it would be harder to follow.

This said, I think that in most of the cases nobody should have to read the reviews again: we should aim for packages perfecly clean. In the worst case scenario, notes to the FTP team should go through the usual channels (README.source, etc.). We should not ask them to spend time on our experiment.

The package maintainer essentially does the same review as the reviewers, hence a single default template should be enough. To ease everybody's work, I think that we should ask that the Salsa CI standard pipeline should pass unless there is a good reason for failing. Lintian has a bunch of essential checks for copyright files...

This is not set in stone, and the CI tests are still sparse and fragile (GitLab CI advices or MRs welcome), but I welcome everybody to have a look and try it. Mathyam, Simon, I pinged you with your @id on Salsa; please let me know if you did not get message: it is essential that it is easy for everyone to get that right.

Have a nice day,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Sun 09 Mar 2025 at 01:57pm GMT, Simon McVittie wrote:

Do I assume correctly that this principle can be weakened for experimental-NEW?

As a general principle I think uploads to NEW that are more complicated than a
completely new leaf package should usually be to experimental, unless there is
a reason why this specific package can't (for example if foo_2.0 is already in
experimental and now the maintainer needs a package-split or a new SONAME for foo_1.2 in unstable). A lot of the time the NEW package will need a new sourceful upload after it's been accepted *anyway*, to get a source-only upload that can migrate to testing - and if the package is in binary-NEW because it has a new SONAME, it's better to have the maintainer and not the ftp team be in control of the point at which it hits unstable and starts a transition.

Does the ftp team agree with that as a general idea? And if a largeish dependency graph needs uploading together, is it OK to upload them all to experimental-NEW, with the idea that if the ftp team accepts them in the wrong
order they'll just sit in BD-Uninstallable status until the whole batch has been processed, with no real harm done?

Yes, I think that is fine.

--
Sean Whitton

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)