From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: ELPA update
Date: Wed, 28 Sep 2011 08:52:04 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87wrcsrczf.fsf@lifelogs.com>
References: <87y5xavz8i.fsf@keller.adm.naquadah.org>
	<87fwji2d8o.fsf@stupidchicken.com>
	<87ehz1ds54.fsf@keller.adm.naquadah.org>
Reply-To: emacs-devel@gnu.org
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1317217961 7947 80.91.229.12 (28 Sep 2011 13:52:41 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Wed, 28 Sep 2011 13:52:41 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Sep 28 15:52:35 2011
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1R8uYs-0003JL-Jj
	for ged-emacs-devel@m.gmane.org; Wed, 28 Sep 2011 15:52:34 +0200
Original-Received: from localhost ([::1]:58201 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1R8uYs-0007jf-9F
	for ged-emacs-devel@m.gmane.org; Wed, 28 Sep 2011 09:52:34 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:48733)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1R8uYp-0007jP-BK
	for emacs-devel@gnu.org; Wed, 28 Sep 2011 09:52:32 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1R8uYn-0003EP-Lv
	for emacs-devel@gnu.org; Wed, 28 Sep 2011 09:52:31 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:56334)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1R8uYn-0003E3-Cn
	for emacs-devel@gnu.org; Wed, 28 Sep 2011 09:52:29 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1R8uYl-0003FR-LI
	for emacs-devel@gnu.org; Wed, 28 Sep 2011 15:52:27 +0200
Original-Received: from 38.98.147.133 ([38.98.147.133])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Wed, 28 Sep 2011 15:52:27 +0200
Original-Received: from tzz by 38.98.147.133 with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Wed, 28 Sep 2011 15:52:27 +0200
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 34
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: 38.98.147.133
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)
Cancel-Lock: sha1:1wMDxAqWuiJ7+0SBE4LsiCO0JYg=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 80.91.229.12
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:144442
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/144442>

On Wed, 28 Sep 2011 09:48:23 +0200 Julien Danjou <julien@danjou.info> wrote: 

JD> On Tue, Sep 27 2011, Chong Yidong wrote:

>> It seemed preferable to have some human component in the procedure of
>> rolling out packages to users.  For instance, I try to scan the bzr logs
>> before doing each update.
>> 
>> But I'm open to arguments for simply setting it up as a cron job.

JD> I hope that the checks are done before commiting. :-) So I'd rather like
JD> a daily cronjob rathen than disturbing you each time I commit a bugfix
JD> that I want to give to users.
JD> And as the number of package will increase, I'm not sure you'll be able
JD> to do this review manually so, it might be best to trust us on short
JD> term. :)

I think the GNU ELPA is much more like a package repository than a
source code repository, so it makes sense to have some human overview,
especially considering the large number of committers.  We don't want
rogue code sneaking in and compromising our users.

To that end it would also be nice if we asked committers to sign their
contributions with their private GPG key, but I don't know if Bazaar
supports that.  If they did, we could have a list of approved public GPG
keys for any given package and contributions signed with those could be
automatically approved.  This is just a proposal though, I don't know
the best way to do it.

Most of us don't know how to run a package repository, so maybe we
should look at the Debian maintainers' process or ask them if we don't
have the local expertise.

Ted