[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the DPL (May 2019)



On Thu, 06 Jun 2019, Andreas Tille wrote:

> On Wed, Jun 05, 2019 at 10:14:50AM -0400, Sam Hartman wrote:
> > >>>>> "Norbert" == Norbert Preining <preining@logic.at> writes:
> > 
> >     Norbert> I would propose something else: Debian rights are defined
> >     Norbert> by presence/absence of a GPG key in certain key rings. This
> >     Norbert> should be completely independent from what one can do on
> >     Norbert> salsa.  So I propose that whatever one's level within
> >     Norbert> Debian is, it should not change the status on salsa.
> > 
> > Well, developers are also granted rights in the debian group on salsa,
> > and that is tied to whether you are currently a developer.
> 
> I fully agree with Norbert.  You might argue that a developer who was
> removed from the keyring could write a script and do some harm on all
> git repositories in the debian group to take some "revenge" for becoming
> expelled.  I see no practival relevance for such a scenario.  As far as
> I understood Norberts case it was not intended to block him from
> contributing - but removing his permissions on salsa made it very hard
> for him to contribute.
> 
> I do not have any idea whether there is an easy technical implementation
> for Norberts suggestion but I'm in favour of it.
The whole group is basically ldap controlled. And in fact salsa didn't
removed any permission. The account was disabled in LDAP and therefore
disabled on salsa (which makes perfectly sense in my eyes). So unless you
create a new account state in ldap I don't see any good solution for changing
the current behaviour. Of course we want to also disable @debian.org accounts
when they are disabled in (ud)ldap.

Alex
 


Reply to: