
Re: GR: welcome non-packaging contributors as Debian project members



On Tue, Sep 14, 2010 at 06:29:24PM -0700, Russ Allbery wrote:
> Charles Plessy <plessy@debian.org> writes:
> 
> > after seeing the torrent of seconds, I am still puzzled if this GR is a
> > progress or a regression: is the take home message that Debian should be
> > more open, or that some members must not have upload rights? When a
> > member does not have upload rights, is it for the principle of least
> > needed privilege, which suggests that getting that privilege may be
> > granted automatically later with the need, or because that member is not
> > trusted to be able to upload correctly?
> 
> Well, if one isn't interested in upload rights, there's no need for one to
> qualify on upload rights during NM, which implies omitting or at least
> much abbreviating the Tasks and Skills part of NM.  But if we want to
> maintain the policy that anyone with general upload rights complete Tasks
> and Skills for package uploads, we wouldn't want to extend those rights
> later without having the person go through NM.

I think that this is where our points of view differ the most. I think that
somebody who was accepted as a member, because he showed enough reliability in
his work, respect for our procedures and commitment in his contributions, does
not need to qualify again to start uploading packages when his contribution
eventually evolves in that direction.

We are proud to be a do-o-cracy. I think that we can let our members
demonstrate their capacities by giving them the opportunity of doing the things
right, instead of passing certificates. If we trust somebody to manage
correctly his SSH and GPG keys and prevent bad people from stealing his
identity and logging in our machines with bad intentions, then I think that we
must trust that person to not do rogue NMUs nor upload to NEW packages that they
do not have the capacity to maintain.

More generally, I think that the principle of least privilege is best applied
when a large majority do not need them (like driving trucks and airplanes, or
logging in some machines at the core of our infrastructure), but is not much
beneficial when it is about managing a minority.

But the core of my disagreement is not about privilege management, which
already takes place for other operations than upload, but classifying DDs
through the passage of certificates, since in my understanding a DC will be a
DD for whom it will be remembered that T&C was not passed, and who will not be
able to upload until he passes that test.

I have to say that I am also worried that this is just the beginning of a more
comprehensive categorization of the roles within Debian. The application
managers and the front desk are doing great work in managing the request to
join our project, but I object to extending their role to manage the access of the
DDs to the components of our architecture.

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

