Re: GR: welcome non-packaging contributors as Debian project members

[Russ Allbery <rra@debian.org>]

Charles Plessy <plessy@debian.org> writes:

> I agree with the above, accepting as DDs contributors who do not
> maintain packages, but your proposal is different: it establishes a new
> class of project members, who differ by not having upload rights.

> I suppose that the goal is to avoid disruptive NMUs and damage to our
> infrastructure in case their GPG key is compromised. But do you think
> that this is more likely to happen with developers who do not maintain
> packages, compared with developers who do?

Principle of least privilege in security says that people who do not need
upload rights should not have them even if they're entirely trustworthy
people.  Their GPG keys could be compromised through no fault of their
own, and since they're not using the access, there's no reason to add to
the security risk by adding more keys to the trusted set for uploads.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>