Kevin Mark dijo [Mon, Mar 19, 2007 at 05:41:32AM -0400]: > Hi, > I was mulling over a 3-tiered Debian contributer system: > Debian contributer(non-software contributer) > Debian maintainer(software contributer with limited upload rights) > Debian developer(software contributer with full upload rights) > where a a DC and DM would not have access to debian.org machines. Umh... I don't like that much viewing this as three tiers, three consecutive stages you progress on as if you were progressing towards nirvana :) And, besides, you left out the "voting rights" part, which is quite important as well. > I think the idea of limiting access to debian.org machines to DDs would > be more secure than having all DC's and DM's have access. At least that > is what I surmise. > > Then I wondered what percentage of DDs require access to debian.org > machines? Umh... Looking at Marga's answer, and thinking a bit on this, maybe the answer leads somewhere else... As she points out, we all might need access to a @debian.org machine every now and then, to get to some information, to update our people.debian.org information, or whatever - Now, what about this probably over-simplified workflow? 1- Nobody has access to @d.o machines by default 2- There is a subset of @d.o machines which accept DD login 2.1- There might even be a sub-subset which accept DM or DC login. Worth considering :) 3- If a DD needs access to a specific machine, (he|she|it) sends a GPG-signed machine-readable message requesting access to the specific needed machine 4- After a given time, access will be automatically revoked 4.1- If somebody often requires access to a machine or set of machines, (he|she|it) can request for permanently enabled access I think this would fit most of us quite nicely, and strongly help prevent breakins like the ones we have suffered. What do you say? Greetings, -- Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Attachment:
signature.asc
Description: Digital signature