On Wed, Sep 01, 2004 at 03:06:45PM +0200, Goswin von Brederlow wrote:
> Hamish Moffatt <hamish@debian.org> writes:
> > It's nothing personal. I don't know the reasons why you weren't accepted
> > as a DD and that's not really the issue at hand. But shutting down those
> > buildds was the right thing to do I think.
>
> As for my m68k system, as far as I can tell since James never answered
> me directly, it was rejected because James thought with my DD
> rejection coming up I would withdraw the system. Allowing it in
> would be wasted work. Go figure.
As I understood it, James refused it because he thought you could go mad
and angry once the DD rejection would be reality. You certainly would
have the skills to insert trojan binaries into an official package;
whether you would indeed do this is a different matter, and although I
don't think it's likely that you would've done so, I do think James'
refusal, if it was on those grounds, was justified.
> If it were personal and Debian had reasons not to trust me that would
> be OK (well, not for me but in general) but it's not. Its worse. DDs
> are not allowed to think for themself and decide whom and what systems
> to trust. That was the message conveyed in the thread and on irc. Its
> not the place of a DD to decide for all of Debian whom to trust.
Agreed.
However, the issue is not that we don't trust people who are not Debian
Developers; the issue is that we can't trust everyone on this planet,
and that we need to draw a line /somewhere/. That line needs to have
some kind of objectivity to it. No, the whether someone has the
Developer status isn't fully objective either; but it's the best we've
got.
The alternative would be to drop the PGP key checking completely and to
allow anyone to upload packages. Would you want that?
--
EARTH
smog | bricks
AIR -- mud -- FIRE
soda water | tequila
WATER
-- with thanks to fortune
Attachment:
signature.asc
Description: Digital signature