On Friday 2008-10-24, Patrick Schoenfeld wrote: > Lars Wirzenius wrote: > > * Membership is controlled via GnuPG keyrings, primarily maintained by > > the Debian Account Manager. The keyrings shall be maintained in a way > > that allows any member to change them, and that is fully transparent to > > the members in general, and that further makes it easy to undo > > mistakes. > > hu? why? Don't you think that this has security implications? > And don't you think, there is an interest to protect the security of > the Debian project machines? Well, we think that every DD is > trustworthy, because we rely on GPG signatures between already trusted > people. But after all power you give to people is an appeal to exploit > it. So its IMHO not really a good idea to give power to people, > who _do not need_ the power. AIUI he's just advocating having the equivalent of a (publicly scrutinized) NMU for the keyring, that is: - have trusted gatekeeper(s) who normally does all changes - have all changes be public (many eyes make all bugs shallow) - also have the possibility for the equivalent of an NMU, for those cases where the gatekeeper is on vacation/to busy/otherwise unavailable/goes rogue. -- Cheers, Cobaco (aka Bart Cornelis)
Description: This is a digitally signed message part.