[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

serious problems with Mr. Troup

[ This is a translated mail to the DPL. German speaking developers can
find the original text below. See below as well for what happened so far. ]

As already brought to your attention by the forwarded mails yesterday,
there are some problems between Mr. Troup and myself.

Adam Conrad contacted me today in a query and expressed the view of Mr.
Troup to me:

11:19 <infinity> "I'm _honestly_ not picking on Ingo here, if I saw
anyone else threatening to violate these rules  (and then refusing to
agree to them), I'd treat them exactly the same way."

I want to make clear, that I didn't explicitly rejected the policy, but
want to point out, why I used user/pass from arrakis for akire, which
were ok in the past and have been used widely. To approve the new
policy, I need ensured communication with Mr. Troup.

When I'm not informed about changes of policy, I simply can't follow
those policies. To avoid further misunderstandings here, I see a free
and unfiltered communication (without /ignore and/or mailfilters) as an
absolutely basic prerequisite for future cooperation. Otherwise I can't
guarantee for the security of my machines.
As long as I don't have secure positive acknowledge for a better
communication with/by Mr. Troup, I simply *can't* accept this changed
policy by good conscience.

The threatening of Mr. Troup to exclude my machines from all access
lists, may be understandable, but that will mean the dropping of the
m68k port by fact and therefore the death of Linux on m68k at all,
because Debian is the only distribution with m68k support.

This is of course not of benefit to anyone (except maybe Mr. Troup
himself), apparently. Therefore I request you as the DPL to act for

Without ensured and free communication (no ignores/mailfilters, replies
within 2 workdays whenever possible to mails, announcement of changes in
advance) I see no base for further cooperation with Mr. Troup (and
therefore the Project) and feel that the mutual trust is destroyed.

This would, of course, result in withdrawing of my buildd infrastucture,
namely arrakis, spice, shaihulud as well as akire. Apparently this isn't
in my sense at all, but not solvable in another way.

If there shouldn't be settled a consent until the end of February, I
expect the mutual trust as destroyed as well.


What happened so far?

I've been told by Adam Conrad that Mr. Troup wanted me to contact him, because he heard via third persons that I would work around security policy. So I did in a very friendly way.
Here are some extracts from those mails...

Frist answer by Mr. Troup:
> I know we may have been more slack about this in the past (esp. the
> i.d.o username/password pair), but a lot of things have changed
> post-compromise, this included.

> So, to be clear: the rules above about ssh keys and passwords are not
> negotiable and they absolutely must not be worked-around, avoided,
> bent, broken, ignored or anything similar.  I don't care how crap
> we're being about whatever or even how crap you think we're being
> about it - nothing will excuse a violation of this.

> Do you a) understand, and b) agree to this?

My answer to this:

a) yes
b) not really, because...

a) we currently have apparently 2 or 3 buildds with no access to incoming,
resulting in lot of overhead and given-back packages. This is now for >1 week
the case and I find that quite unnecessary.
b) I tried to contact you about this several times, but because of [1] i was
not able to do so.
c) there was a growing backlog again the last week and I would like to have a
low as possible backlog. And you know as well as I do that m68k always has
some problems when there is a huge backlog. Sometimes it lasts weeks to bring
that down. So, when there is a unnecessary reason for a huge backlog, that
should be dealt with it asap.
d) I've talked to you last late summer/early autumn about the user/pass
appearing in build logs on buildd.d.o and my security concerns about that and
offered you to route the traffic via my metered static IP. You didn't shared
my concerns about that and said that this would not be necessary, although it would be nice when it wouldn't be metered. Yes, I'm aware that this was before
the compromise.

>> [1] I'm afraid I still have you on /ignore on IRC and your mails are
>>     scored down too.

Given all those reasons, don't wonder when people try to work around you. I would be happier myself, when that wouldn't be necessary and I could contact you directly and would get an answer back in timely manner, let's say 2 work days.

That way we could have cleared out quickly the problems of akire and
spice/arrakis in the last week. Akire has only a static IP via a metered
tunnel, whereas the http traffic is going out via a transparent proxy and a dynamic IP, which I told both Wouter and Adam, but maybe I didn't stressed that enough. But as you can see here, some things get lost using intermediators.

So, for the future please set me on CC for all host related issues on those buildds. It will save time for you and us and avoid misunderstandings as it happened in the past.

Anyway, I prefer to work *with* people, not against them, but I need
communication/feedback for that. I hope you can understand this. :-)

Mr. Troups answer to this was basically:

> Ingo, I said non-negotiable and I meant it.  Either you agree to this,
> or you don't get any sort of access to ftp-master, period.

My response was:

Hmmm, I thought, when being told that you want me to contact you, that you are willing to cooperate.
I just have known better. :(

Let me rephrase it:
Mr. Troup complained to a third person and requested that person to contact me and tell me that I should contact him, because he heard from other third persons that I would abusing access controls. I then contacted him kindly, he responded that he heard that I would abusing ssh keys and user/pass for incoming and explained the new policy after that and requested me to acknowledge that new policy. I denied part of the accusations in my response and admitted that I used the user/pass of another buildd because he wasn't able to add that machine to incoming ACLs within weeks and refused to communicate with me, although I tried to contact him several times about that. The use of another buildd was a common way for some years to enable access to incoming when the new buildd has no own user/pass at that time. I explained him, that I have my problems with accepting the new policy because he didn't communicated the new policy to me and that should be solved better for the future. He didn't responded to my arguments at all in his reply. Therefore I felt that no further cooperation with Mr. Troup is possible on that ignorant base. I brought then the whole mail exchange about that to the attention of the DPL yesterday.

Today I received the threatening of being excluded at all from all ACLs. End of story.

-------- Original Message --------
Subject: unueberwindbare Probleme mit Mr. Troup
Date: Sat, 21 Feb 2004 13:07:03 +0100
From: Ingo Juergensmann <ij>
To: leader@debian.org

[ I'll write in German to be able to express myself in the best way I can and to avoid misunderstandings ]

Wie bereits in den gestrigen Mails angedeutet, gibt es diverse Probleme
zwischen Mr. Troup und mir.

Adam Conrad sprach mich heute wieder privat im Query an und legte mir wohl die Sichtweise von Mr. Troup dar:

11:19 <infinity> "I'm _honestly_ not picking on Ingo here, if I saw anyone else threatening to violate these rules (and then refusing to agree to them), I'd treat them exactly the same way."

Ich moechte klarstellen, dass ich nicht explizit die Policy zurueckgewiesen habe, sondern nur darauf hingewiesen hatte, aus welchen Gruenden ich user/pass fuer akire von arrakis benutzt hatte, was frueher durchaus ueblich und voellig ok war, und was fuer mich eine Voraussetzung ist, um die geaenderte Policy akzeptieren zu koennen: naemlich eine zugesicherte bessere Kommunikation mit Mr. Troup.
Wenn ich nicht ueber Policy-Aenderungen informiert werde, kann ich diese
auch nicht befolgen. Um solche Missverstaendnisse in Zukunft zu verhindern, sehe ich eine ungehinderte Kommunikation (ohne ignore und Mailfilter) als absolute Grundlage der zukuenftigen Zusammenarbeit an, weil ich ansonsten nicht fuer die Sicherheit meiner Rechner garantieren kann.
Solange ich keine entsprechende positive Zusage zur verbesserten
Kommunikation mit bzw. von Mr. Troup bekomme, *kann* ich die geaenderte
Policy nicht guten Gewissens akzeptieren.

Die Androhung von Mr. Troup den von mir gestellten Rechnern dann komplett die Zugriffsrechte zu entziehen, mag aus seiner Sicht verstaendlich sein, aber letztendlich hat das dann den Tod des m68k ports zur Folge und somit faktisch den gesamten Tod von Linux auf m68k zur Folge, da Debian die einzige Distribution mit m68k Support ist.

Dass das natuerlich in niemandens Interesse (ausser vielleicht Mr. Troups) ist, ist offensichtlich. Insofern bitte ich um entsprechende Vermittlung des DPL.

Ohne zugesicherte und freie Kommunikation (keine /ignores, Mailfilter, nach Moeglichkeit eine Reaktion binnen 2 Arbeitstagen, Ankuendigungen von Aenderungen im Vorfeld) sehe ich keine Grundlage fuer eine weitere
Zusammenhang und das Vertrauensverhaeltnis als zerruettet.

Dies wuerde natuerlich zwangsweise im Zurueckziehen meiner
buildd-Infrastruktur resultieren, sprich: arrakis, spice, shaihulud als auch akire wuerden nicht mehr dem Debian Projekt zur Verfuegung stehen.
Es ist offensichtlich, dass dies nicht in meinem Sinne, aber leider
unumgaenglich waere.

Sollte sich bis zum Ablauf des Monats Februar keine Einigung ergeben,
betrachte ich ebenfalls das Vertrauensverhaeltnis als zerruettet an.

Attachment: signature.asc
Description: Digital signature

Reply to: