Re: Resignation and uploads

To: Thijs Kinkhorst <kink@squirrelmail.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Resignation and uploads
From: Wouter Verhelst <wouter@debian.org>
Date: Sun, 13 Nov 2005 18:28:01 +0100
Message-id: <[🔎] 1131902881.19559.37.camel@country.grep.be>
In-reply-to: <[🔎] 50179.130.237.5.205.1131890801.squirrel@wm.kinkhorst.com>
References: <[🔎] 20051111002239.GE27773@tytlal.topaz.cx> <[🔎] 1131718163.11737.7.camel@country.grep.be> <[🔎] 20051111161055.GA6653@djedefre.onera> <[🔎] 50179.130.237.5.205.1131890801.squirrel@wm.kinkhorst.com>

Op zo, 13-11-2005 te 15:06 +0100, schreef Thijs Kinkhorst:
> On Fri, November 11, 2005 17:10, Christian Perrier wrote:
> > From what I know of him, he will take care of these Debian tasks as
> > soon as he'll be able to do so....just like any of us would after coming
> > back from a conference we were at as part of our paid work.
> 
> I think many other people would take good care to provide backup for our
> tasks in case we're away for longer than a couple of days. There's no
> reason at all that on some key positions in Debian there's only one
> person.

There's one thing people are constantly overlooking here:

The job of maintaining the keyring is far more sensitive and takes a lot
more than just 'throwing the key in' if it remotely looks good.

Rember that 'having a key in the Debian keyring' is, for all practical
matters, equivalent to 'having root on all Debian installations'. A
number of things about the keyring can be (and are!) automated; the
things that cannot be automated are done manually, and they require an
admin who does his job carefully and concisely.

I for one am _happy_ that James does not 'just' throw in the key if the
name is remotely similar, but does indeed verify why this new key is
necessary, if it is properly signed by the active key of at least one
(but preferably more) other developer(s), whether the old key is still
valid (and if so whether it should have been revoked), why the old key
was revoked (if it has been revoked), and a number of other things that
probably only experience can tell you how to do them right.

As always, weighing security against usability is not an easy job; one
that requires a lot of time, responsability, and the guts to say "no"
when it's necessary. The Debian project should be proud that their main
sysadmins are more than up to the job, rather than complaining about how
long it always takes; because, try as you might, adding more sysadmins
doesn't necessarily make the job go faster. And yes, I speak out of
experience here.

-- 
.../ -/ ---/ .--./ / .--/ .-/ .../ -/ ../ -./ --./ / -.--/ ---/ ..-/ .-./ / -/
../ --/ ./ / .--/ ../ -/ ..../ / -../ ./ -.-./ ---/ -../ ../ -./ --./ / --/
-.--/ / .../ ../ --./ -./ .-/ -/ ..-/ .-./ ./ .-.-.-/ / --/ ---/ .-./ .../ ./ /
../ .../ / ---/ ..-/ -/ -../ .-/ -/ ./ -../ / -/ ./ -.-./ ..../ -./ ---/ .-../
---/ --./ -.--/ / .-/ -./ -.--/ .--/ .-/ -.--/ .-.-.-/ / ...-.-/

Reply to:

Follow-Ups:
- Re: Resignation and uploads
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- Resignation and uploads
  - From: Chip Salzenberg <chip@pobox.com>
- Re: Resignation and uploads
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Resignation and uploads
  - From: Christian Perrier <bubulle@debian.org>
- Re: Resignation and uploads
  - From: "Thijs Kinkhorst" <kink@squirrelmail.org>

Prev by Date: Re: Accepted lynx 2.8.5-2sarge1 (source powerpc)
Next by Date: Re: Licenses for DebConf6
Previous by thread: Re: Resignation and uploads
Next by thread: Re: Resignation and uploads
Index(es):
- Date
- Thread