[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-DD contributors and the debian keyring

On Wed, Aug 20, 2003 at 05:03:17PM -0400, Stephen Frost wrote:
> * Martin Quinson (martin.quinson@tuxfamily.org) wrote:
> > On Wed, Aug 20, 2003 at 09:40:02AM -0400, Stephen Frost wrote:
> > > keyring.debian.org has only DDs in it.  I think people were suggesting
> > > using the public keyservers.  keyring.debian.org isn't a part of the
> > > public key servers.
> > 
> > That's the part of the system I was criticizing :)
> Not going to change.

Quite definitive answer.. Ok, I guess I got my answer and go back to work ;)
> > Nevertheless, should he trust the meaning of my translation blindly? I mean,
> > it could contain offending material, and even unlegal material. I guess that
> > there will be someone to engage pursuits if dpkg subtly displayed racial
> > crime incitation, or so. 
> To some extent "that's what unstable is for".

> I doubt a poor translation would make it into a released version.
A lot of poor translation get into stable, mainly by lack of manwork, but
you are right no offending translation gets into testing. At least in french.

> > Who will get sued in such situation? I guess Debian in first place, but if
> > I understand well, the whole identification process of the NM is exactly
> > about giving Debian the possibility to report the charges on the guilty
> > developper when sued, isn't it?
> Ehhh, I'm not sure I'd agree with that specifically, but whatever.

Mmm. If so, I really cannot understand the big deal with IDs when signing
the key. Knowing my ID is not enough to prove that I won't upload a rootkit,
and it is not even needed... I must be perticulary dumb.

> Honestly I see there being a very big difference between having rude
> things done in a translation and, for example, having packages which
> install rootkits.  Sorry, that's just life.

Sure. Who said the contrary ? I said that really broken translation can lead
to issues, too ("type 'Y' to erase/list the content of your home dir" ;).  
I never said that it was the most important point in Debian. I'm not *that*
dumb ;)

> > I know about the public servers, but I was wondering why Debian make things
> > harder for the DD while it has the infrastructure to simplify their work.
> What is harder for the DD and how could the existing Debian
> infrastructure fix that?  Nothing in what you've said would lead me to
> believe that there's something we can change which would make things
> easier for the DD with regard to 'poor' translations.

The whole story is about easing the technical issue in a trust relationship.

Of course, I could (and have) uploaded my key on public servers, meaning
that other Debian member could check than a given mail with my address
desserve the trust they habitually give me. But those guys would have to 
configure their email specifically on people like me[*]. I was wondering if
could be avoided, that's all.

A really great improvement of this situation would be to make easily
available the keys of people in the NM queue, since translators are supposed
to become debian "developer", too.

But, ok, if the majority here says that there would not be sufficient
benefit wrt the effort, I guess I'll have to deal with it. Easy :)

Thanks for your time, and sorry for preventing you fixing bugs.

[*] Yeah, I use my personal example because of my borken non-native english,
    to ease my sentences and have a little chance to get them right, But in
    fact, we are a whole bunch in my situation.

Und auch jetzt ist ein Mensch mehr Affe als irgend ein Affe.
          --- F. Nietzsche

Reply to: