
Re: We have a problem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/06/2015 06:56 PM, Patrick Ouellette wrote:
>> Ah, I'm just realizing now. You didn't know that dm-allow
>> exists, that's somewhat embarrassing given the fact that you were
>> trying to teach others on how Debian works.
> 
> No, it is not about not knowing dm-allow exists.  It is about not
> being comfortable that it exists.

I'm sorry if I repeat myself, but you're being paranoid. If you or any
user doesn't trust Iain, they can just download the source code and
diff the code against the vanilla upstream package to check whether
Iain installed any backdoors into the package. Together with Debian's
new reproducible build system, you can then be absolutely sure that
the package is clean as the latter guarantees the source you were
reviewing produces the package as seen in the archives.

Also, as I explained before, if you set a DM to dm-allow, he gets
upload permission for just the packages which other Debian Developers
have previously reviewed. Together with the fact that you normally
need three valid signatures of active DDs to become a DM, it means
Iain's work has been reviewed by at least four independent DDs. So, if
he wanted to harm Debian and its users in any way, he'd first need to
win the trust of four Debian Developers.

So, if you don't trust Iain, it means you also don't trust at least
four fellow Debian Developers not being able to assess his work and
trustworthiness.

>> In any case, Iain is doing a great job and I have no doubt that
>> he is on his right way to become a DD. I have done lots of
>> sponsoring and I have also reviewed his packages and all that I
>> have seen so far required little to no corrections.
> 
> 
> In general I agree.  Iain has been a much needed spark in the ham
> radio package area.  There is such a thing as trying to do too
> much, too fast - especially when you don't know the history.

But there is also the thing of older people being afraid of new things
and new people. Remember the systemd flamewars on debian-devel and
everywhere on the web? There were especially older Linux users and
developers who went so paranoid they completely freaked out which
eventually led to several DDs resigning just because they couldn't
cope with long overdue changes.

Adrian

- -- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----

