[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unofficial repositories on 'debian' domains

* Stefano Zacchiroli [2012-03-05 08:40 +0100]:
> On Sun, Mar 04, 2012 at 10:59:39PM +0000, Ben Hutchings wrote:
> While we are at it, I also think we should provide an index of
> *.debian.net entries on that splash page.
> http://wiki.debian.org/DebianNetDomains is just too prone to outdateness
> and incompleteness. The index can be automatically generated from LDAP
> and. IIRC a past chat with DSA, DSA is fine with that but is aware of
> privacy concerns that some of the registrant of *.debian.net entries
> might have. Personally, I don't think we should be worried about privacy
> concerns there. The debian.net is a Debian project resource and we
> should be ready to advertise all its entries, otherwise people should
> not register them in the first place.

In a non-public mail, Rhonda explained an argument against publishing
such automatically generated lists.  A short summary is:

  DSA uses ACLs for access control of information available via LDAP.
  Circumventing this access control by publishing these lists would be
  a violation of DMUP.

Considering the above argument, an explicit permission from DSA
(possibly alternatively from the DPL) might be needed to be able to
publish the generated list.

An other argument against publishing the list is that this information
used to be non-public.  Publishing information that used to be
non-public without noticing people priorly to give them the chance to
remove the part they do not want to be published is not that nice.  The
canonical way to reach all DDs is to send a mail to debian-devel-announce.
I think if we decide to publish a list of all .debian.net domains, such
a mail should be sent.

A related problem is that there is no general way to find out how to
reach someone being responsible for a specific .debian.net service.  The
DD that originally registered the domain is not necessarily still
involved in providing the service and possibly might registered the
domain on behalf of someone who is not yet a DD.  A way to solve the
first is to update the account linked to the domain if the original
registrant is not involved anymore; the second could be solved by
requiring the DD that registered it to act as proxy to the responsible
person (mentioning the real contact address on the services web site
would avoid the need to act as proxy in most cases).

A different approach to try to solve this reachability problem is to set
up an email forward from ${service}@dotnet.debian.org to the appropriate
email address.


Reply to: