Re: Constitutional Amendment GR: Handling assets for the project

[Kalle Kivimaa <killer@debian.org>]

Anthony Towns <aj@azure.humbug.org.au> writes:
> Personally, I think that's the minimum we ought to expect, but IME it's
> also a hell of a lot more work than it should be, and it'll require a
> chunk of effort from someone to actually make it happen.

This depends on two factors, namely how many transactions there are in
total in the various Debian-related accounts and how many of those are
Debian-specific. If we are talking about a couple of hundred
transactions, it is very doable as a volunteer work. If the number of
Debian-specific transactions is in the order of 1000 or more, then it
is a very different project (and should be split if it is a volunteer
project).

> Many of the machines are restricted; so anyone but DSA getting ssh access
> to all of them is unlikely; more likely is having the machines report the
> interesting statistics to LDAP and being able to query that. Knowing where
> machines are hosted, who they're owned by (the original sponsor? SPI?
> whoever's hosting them?), who the appropriate contact people are
> (replacement parts? hosting? local admin?) are important here.

This information is static and is a bit irrelevant from auditing point
of view. The purpose of auditing is to make sure that the assets are
there and that the governing body has used them wisely. It is entirely
possible that somebody replaces a server with a virtual server or
simply renames a machine to be identical with another machine.

I do agree that we could just start by checking the assets list and
maybe doing some trivial ping testing to see that the machines seem to
be on the net.

-- 
* Sufficiently advanced magic is indistinguishable from technology (T.P)  *
*           PGP public key available @ http://www.iki.fi/killer           *