[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Cloud Team delegation updates



On Wed, Jun 03, 2020 at 10:51:02PM -0700, Ross Vandegrift wrote:
> Hi Luca,
> 
> On Wed, Jun 03, 2020 at 11:22:26PM +0000, Luca Filipozzi wrote:
> > I would like there never to be a situtation where one person or consultancy
> > controls Debian's presence on a platform, even if that person is employed by
> > the owner of said platform.
> 
> I think I agree, but want to make sure I understand your concern.
> 
> As an example: practically speaking, Noah controls Debian's presence on AWS.
> He contributes the most, has the most expertise on the platform, and is trusted
> by the team.  If he were to stop contributing, Debian's presence on AWS would
> be impaired.  But we'd still have access to the account, so the next person
> could pick up where he left off.  So he doesn't have control that could block
> future contributors.
> 
> Do I have it right?

Fortunately, the account situtation (AWS Gov Cloud aside) has mostly
been rectified in that a TO has signed agreements. The second part,
about having the credentials managed with DSA hasn't, AFAIK.

> If so, it sounds like the protection for Debian is the account ownership
> requirement [2].  That ensures that we can recover account access if it were
> lost.  Are there situations where the conflict of interest restrictions are
> needed to provide additional protection?

Account control - legal and practical - is my chief concern. Debian
should always survive the departure a single developer or consultancy. I
view this being better addressed by someone independent, personally.

> I'm conerned that we won't find another delegate.  IIRC there were only three
> eligible Debian members at the most recent sprint, and one has left the team.
> So I'd like to consider other ways to protect ourselves, while opening the
> delegation up to more of the team.
> 
> If there is no other way, then so be it.  But I'm not convinced of that yet.

The DPL is free to change the conditions (which doesn't have the same
constraint as changing the responsibilities, which once delegated...),
which will expand the pool.

> Thanks,
> Ross
> 
> [1] In case it wasn't clear: I'm not criticizing the state of Debian on AWS.
> This is the situation because Noah does the most of the work.  He's doing a
> great job, and I'm thankful for it.
> 
> [2] For reference, the relevant items from the delegation text:
>     - With the Debian Project Leader and under the auspices of the
>       Trusted Organizations, establish Debian accounts with cloud
>       providers, negotiating terms and conditions where necessary.
> 
>     - With the Debian System Administration Team and the Trusted
>       Organizations, manage Debian account credentials with the cloud
>       providers and establish account life-cycle processes.
> 

-- 
Luca Filipozzi


Reply to: