Re: Re-thinking Debian membership

[Lars Wirzenius <liw@liw.fi>]

la, 2008-10-25 kello 09:59 +0200, Stefano Zacchiroli kirjoitti:
> A scenario I want to avoid for example is that newcomers can alter the
> keyring adding tens of "friends". Such a possibility would imply that
> if Debian as a project fails *once* in checking IDs and motivations
> for *a single* newcomer, than that newcomer can screw us badly adding
> a whole lot of people.  I presume the range of nasty scenarios
> starting from this one is quite big.

I would like to stress that my proposal says that any changes should be
easy to undo. This is especially true for anything that may result in
nasty scenarios. I haven't thought about the mechanics of this yet in
any particular detail, but there are so many ways in which keyring
maintenance could be arranged to achieve the goal of my proposal that
I'm not worried it can't be implemented.

That doesn't mean I'm adamant on having the keyring be NMUable by any
DD.

As an aside, I realize that all of my proposal is written very quickly,
and is very short. The length is mostly a good thing. I wanted to get
the idea out soon, and to see how the discussion goes. Since the core
parts of my proposal seem to be received mostly in a positive manner, I
think it's time to start working on a more detailed proposal, and I hope
to use the DEP process for it, and gather input from all relevant or
interested parties in the project. I probably won't have time to work on
it for a few days, and it might be good to postpone most of it until
after lenny is released anyway. However, since Joerg started the
discussion, I think it was appropriate to throw the idea out now.

> More generally, the solution to concentration of powers is making sure
> that the same people do not play too many roles in "core" teams
> (ideally, max 1), because that gets rid of "communications to self",
> which are always hidden to the rest of the project.

I think that would be a good idea.