Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
On Wed, Aug 02, 2000 at 03:43:12AM +1000, Anand Kumria wrote:
> > Membership is a privilege, and if you have to take a couple of
> > bureaucratic steps, so be it. You don't haggle with your passport
> > office about providing your passport photos, do you? If you need to
> Actually I do -- but that is an entirely different story.
> If you understand how passports work you have one person (in some
> countries of a particular occupation, e.g doctor, lawyer, etc.)
> who can authenticate to the government that you are who you say
> you are.
> In the Debian country you could liken that person to existing maintainers.
> Dale's process says that existing maintainers are not able to authenticate
> aspiring maintainers who they have confirmed the identity of. Essentially
> we cease to trust existing developers.
Even in the case of passports, it is a two-step process. First step,
is as you allude to, you have a notarized signature, from say a doctor
or lawyer, stating that you are who you are. In addition, you need a
photograph *for the record*. The photo on your passport is one of the
pieces of identification, the other is your signature [Of course, both
can be forged, I don't want to get into that]
All, I am saying is that the photo id requested does not mean that
existing developers are not to be trusted. It is an *additional* piece
of documentation that goes into the new-maintainer/developer's file. I
think some sort of traceability is good. As debian maintainers, we can
upload packages. If I am malicious and crafty enough, I can put a
trojan horse in my package that can cause a lot of financial damage to
some company/institution. Debian can be held responsible for this act
of vandalism. Simply put, the debian new-maintainer team now at least
has *some* pieces of identification on who I am. As debian
maintainers, we have a lot of responsibility. Users take for granted
that the software they download from our website, or CDs are
secure. Debian maintainers are the first points-of-contact for the
package they maintain, and hence, we as an organization should have a
reasonable idea of who the maintainers are.
> > travel abroad, you do the needful to *apply* for a passport. After a
> > loong discussion, I believe the current procedures have been adopted
> > for applications for new members, and IMO they are equitable and
> > reasonable.
> I'm not if you have read the archives -- I have. I posted a long
> summary on the nm-admin (or nm-discuss) mailling list. It'll
> certainly be in the archive if you care to look (Since it was in March
> it'll take me more effort than I have at 0330 to find).
I couldn't find your summary. The archives on the web only lists the
Gopal Narayanan <email@example.com> <firstname.lastname@example.org>
Debian GNU/Linux Developer
Dept. of Astronomy, University of Massachusetts, Amherst