
Re: Changes to Debian Maintainer upload permissions



On Sat, Sep 22, 2012 at 11:56:54AM +0200, Arno Tröll wrote:
> Hi,
> 
> On 22.09.2012 10:06, Ansgar Burchardt wrote:
> > We are using this opportunity to clean up the "DM database" and will not
> > convert any of the DMUA flags to the new format, but two months ought to
> > be enough for any active DM to ensure their sponsor DDs have set the new
> > permission.
> 
> please don't. This is not only to work out active DMs, but also a denial
> of service attack against active DMs where their former sponsor is
> unavailable or disappeared since then. It's not necessarily the DM's
> fault, if he fails to get _someone else_ to send a "be-alive" message
> within two months.
> 

OK, here's how I see this.

If any DM asks me to, and they can show they've made uploads (with
DMUA) before this announcement for that package, and that they've not
broken things in a gnarly gnarly way (and if their sponsor is VAC,
MIA or otherwise not here), I don't think I'd have any problem flipping
the bit back over.

Yes, even if I'd not have given them DMUA on my own.

In the end, being a DM comes down to *trust*.

They could (quite easily) break into a buildd / slave it out for evil.

Why should we assume the worst? Let's just lax the rules slightly if
they had DMUA and used it for requests for the next month or two.

We trust they are who they say they are, and if they show they've made
good decisions when uploading in the past, why not. It's easy to revoke
the commit bit.

My two cents :)

-- 
 .''`.  Paul Tagliamonte <paultag@debian.org>
: :'  : Proud Debian Developer
`. `'`  4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
 `-     http://people.debian.org/~paultag
