Hi Luca,
On Wed, Jun 03, 2020 at 11:22:26PM +0000, Luca Filipozzi wrote:
> I would like there never to be a situtation where one person or consultancy
> controls Debian's presence on a platform, even if that person is employed by
> the owner of said platform.
I think I agree, but want to make sure I understand your concern.
As an example: practically speaking, Noah controls Debian's presence on AWS.
He contributes the most, has the most expertise on the platform, and is trusted
by the team. If he were to stop contributing, Debian's presence on AWS would
be impaired. But we'd still have access to the account, so the next person
could pick up where he left off. So he doesn't have control that could block
future contributors.
Do I have it right?
If so, it sounds like the protection for Debian is the account ownership
requirement [2]. That ensures that we can recover account access if it were
lost. Are there situations where the conflict of interest restrictions are
needed to provide additional protection?
I'm conerned that we won't find another delegate. IIRC there were only three
eligible Debian members at the most recent sprint, and one has left the team.
So I'd like to consider other ways to protect ourselves, while opening the
delegation up to more of the team.
If there is no other way, then so be it. But I'm not convinced of that yet.
Thanks,
Ross
[1] In case it wasn't clear: I'm not criticizing the state of Debian on AWS.
This is the situation because Noah does the most of the work. He's doing a
great job, and I'm thankful for it.
[2] For reference, the relevant items from the delegation text:
- With the Debian Project Leader and under the auspices of the
Trusted Organizations, establish Debian accounts with cloud
providers, negotiating terms and conditions where necessary.
- With the Debian System Administration Team and the Trusted
Organizations, manage Debian account credentials with the cloud
providers and establish account life-cycle processes.