Hi as you may have read some time ago we got a group of people together who work on our pentabarf (the conference management software). That took a huge amount of load away from me, as I am basically only the one who needs to sync the fixes from svn to the host where our install runs, the real work of coding is done by other people. Now, this still depends a lot on me, which is something I try to minimize, its better when others are able to do work too. So my *long* term plan is to give other(s) the rights to do that point. Currently the best candidate for that is Torsten Werner who is doing all the coding for our changes to pentabarf, but read on. I havent done this right away with the start of the debconf-pentabarf team, for various reasons, which also will defer it for some more time, probably until DebConf7: - The site is in production use since some time already and should have as less as possible outage as possible, so changes should be tested. - The site holds personal data of all people that registered for DebConf. Which means we should be *really* conservative about who we allow to access it. Currently thats only the admin group (via the host itself) and Moray and Neil (via the pentabarf interface for it). This point is also the reason why I wont go and simply allow the whole debconf-pentabarf team to access it. We want to be able to add more people to it, when they want to help coding, without thinking about the privacy issues with the personal data. Right now I see the diff for every change before it is applied. I am the one who restarts the server to get new code in production use, etc. Which means there is a good level of control before something gets used, and the privacy of the data users enter[ed] is as high as possible. So I would like input on what others think how far I should keep this paranoia and restrict access to the host/the data? My personal control-freak tells me that "as far as possible" isn't far enough, but that keeps it all depending on me. Bad. Knowledge and power should be shared if possible. how I should select others that can do this part of work. Torsten is a candidate due to his good work with code changes, but that *may* not mean he should have the access to the machine.  for a sponsored machine hosted somewhere in the world.  that doesnt mean I dont trust him. I cant judge that yet, as I havent worked much with him up to now, which is also a reason that I defer real action on this until DC7.  And if one follows this way of thinking about it - why do have I full access? Yes, I set it up and run it, but am I trustable? -- bye Joerg [...] some would argue that too much free beer with hamper your ability to free speech; this is an opinion.
Description: PGP signature