On Wed, Apr 08, 2020 at 02:23:47PM +0200, Ole Streicher wrote: > I don't know the exact proposed rules here, but I could imagine that > without these rules anyone cann fill the namespace of nice Debian user > names. If you're talking spam account flooding the namespaces, they can be cleaned up from time to time. If you're talking about legitimate Debian contributors not yet interested in becoming DDs, using up names that people interested now in becoming DDs would like to have, I think it's not a problem if the people who registered the name first gets to keep it. > And there is the danger that someone hijacks the user name of a > Debian user who is still not on Salsa. Or an emeritus name or so. The proposed workflow is that: - you register a name on Salsa - after you go through nm.d.o, it becomes your name on LDAP By default, when you become a DD you have the same username on Salsa, and so it's taken by you and nobody can register it, even if you become emeritus. If you decide to rename your Salsa account, then yes somebody else can take it, and it's fair enough. If somebody takes it over maliciously, the account can be locked. If you decide to rename your account but don't want somebody else to register your old name, you can register it yourself after the rename, to keep control of it. > I would also like to have a visible distinction between "trusted" names > (where the owner is verified via key) and random names, in one way or > the other. The official membership status synced from nm.debian.org can, with some work, be made visible in the user's page. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature