On Thursday 22 December 2005 09.59, Anthony Towns wrote: > On Thu, Dec 22, 2005 at 08:54:36AM +0100, Adrian von Bidder wrote: > > Problem with a GR: it doesn't get any work done. > > Right; that's not the intention of the GR though -- the intention is > to authorise people to do the work. I've done all I feel I'm within my > rights to (and in fact slightly more than that) in providing access to > security.d.o to some of the testing-security team. While I could try > doing more than that, and possibly succeed thanks to my tyranny over > Unix permissions, I don't particularly want to provide any substance to > accusations of coups and whatever else. Ah. To me, that is quite a bit of the missing piece of information on why you feel this GR is needed. To me the GR sounds very much wishy-washy, kind of 'let's appoint some people who might then do some work.' With what you say here, I can see the motivation for this GR. Also, it becomes clearer as it's apparently not clear whether the security team are delegates - I assumed they were (and feel they should be). Maybe - is it time to clear this issue now? http://people.debian.org/~branden/dpl/reports/2005-07-07.html branden: | I have sent the Debian Security Team a proposal for making DPL delegates | out of its members; Whatever became of that? (Hmmm. What *is* the curernt status? http://lists.debian.org/debian-security/2005/08/msg00226.html only muddies the water for me.) Word from the DPL or SecTeam members would be welcome here - do they operate under the assumption that the security team are delegates? > I don't know if it carries more or less weight having me say it, but > I think it's entirely appropriate to cut Branden a lot of slack in not > trying to come in as DPL and "fix" this. Well, I'm extremely ambivalent on this matter. I often have the feeling that a more vocal DPL could in some instances give the project a clearer idea where to go - or, maybe, if the DPL wants to go where others don't want, issues would be debated earlier. OTOH a vocal/active leadership-type DPL might meet opposition in the project on unprecedented scale, so maybe the Way It's Always Been Done(tm) isn't so bad... Back to the topic at hand: Can't Joeyh, Steve and Micah just be added to the security team[1] along with Martin (same disclaimer as in your mail: assuming they want to) and assume that the security team will work out amongst themselves who would continue to care about current stable security and who would do the 'redesign the process' part? Assuming that 'member of the security team' does not automatically mean 'does need vendor-sec clearance and all kinds of assorted special Debian powers that can't be given to some of these people'. Why just add them to the secteam instead of appointing them to a special redesign-the-process team? Because I feel that if ever the result of that work should be useful, it needs to be done in close cooperation with the current security team anway. [1] by GR? By delegation? By invitation from the current secteam? IMHO preferable (ii) or maybe (iii), GR doesn't feel right: if we're going to vote on people, we should have proper debates à la DPL vote, but this is creating a kind of procedure that seems, to me, much too heavyweight for this kind of job. -- vbi -- 1933 wollten viele aus Deutschland raus, heute wollen viele rein. Das muss doch etwas bedeuten. -- Sir Peter Ustinov
Attachment:
pgpEprZwxKCtc.pgp
Description: PGP signature