Re: We have a problem

To: Patrick Ouellette <pouelle@debian.org>
Cc: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Subject: Re: We have a problem
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Date: Wed, 6 May 2015 20:10:13 +0200
Message-id: <[🔎] 554A5905.80604@physik.fu-berlin.de>
In-reply-to: <[🔎] 20150506180023.GK16858@flying-gecko.net>
References: <[🔎] 20150506132851.GA16858@flying-gecko.net> <[🔎] 20150506134227.GA7604@shiftout.net> <[🔎] 20150506142408.GB16858@flying-gecko.net> <[🔎] 554A3A6F.3020409@physik.fu-berlin.de> <[🔎] 20150506164946.GH16858@flying-gecko.net> <[🔎] 554A4CFC.3080902@physik.fu-berlin.de> <[🔎] 20150506180023.GK16858@flying-gecko.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/06/2015 08:00 PM, Patrick Ouellette wrote:
>> But as you can see, even his AM disagrees with you.
> 
> 
> Not entirely an accurate statement.  His AM was wondering why I
> was CCin him on the ham radio issue.  I have discussed it in
> private email with him.  If he wants to make it public he may.

Could you please stop with your dubious private mails? If you need to
complain about a fellow DM or DD, do it in front of them, not behind
their back.

> Having been an AM I can attest that it is much easier to put
> together the report package if you have input from the developer
> community (good and bad) about an applicant.
> 
> At the end of the process, the AM is asked to recommend (or not)
> the applicant.  This is not something that should be done lightly.

Yes, thank you, I know how the AM process works. You know, I happen to
be a DD as well.

> debian-hams is the ham radio maintainer list open to anyone.  It is
> the email address associated with the hamradio maintainers.  The
> uploaders list shows the Debian people actually interested in
> working on the package (and presumable subscribed to the email
> list).  Is that a better explanation for you?

No, uploaders is the list of people who are UPLOADING the package,
hence the name.

> That is kind of the point - he didn't even bother to send a message
> to the list.  I saw the report from the archive when the new
> package was uploaded.  There was a not in the change log about
> updating the uploaders list.  I had to go to the archive and grab
> the change log to find out I was removed from it.

But again, you were never the active maintainer of this package so you
have no reason to complain. Period.

>> Ask regarding what? Regarding the new upstream version?
> 
> 
> Ask (or even notify) the people he was removing from the package
> uploaders list.

You. Were. Not. An. Uploader. Period.

>> Then these people should post to the debian-hams mailing list
>> because, as you can see, everyone else so far on this list
>> disagrees with you.
> 
> 
> Only the people who have currently seen the discussion and decided
> it was worth their time have posted to the list.

Didn't you previously claim there are only like a handful of people on
this list?

>> Uhm, he has only permissions to upload the packages that he has
>> been given permission to. Claiming that he would get root access
>> running Debian if he gets dm-allow for soundmodem is a bit
>> stretched, don't you think?
> 
> 
> No.  The package scripts run with root permissions.  There is
> nothing stopping a malicious script from being uploaded as part of
> a package. Debian provides little in the way of safeguards against
> this other than the developer community.

Ever heard of reproducible builds?

>> You're being paranoid, I'm sorry. He did absolutely nothing that
>> would any reasonable person come to this conclusion.
> 
> 
> Some would say I am being careful to identify potential risks.
> Identifying risks, deciding the probability of the risk being
> exploited or causing harm, and then developing appropriate
> responses is part of being a responsible system administrator.  So
> yes, I'm paranoid.

No, you are a DD who has apparently been absent for too long and needs
to catch up with the community as the community has moved on.

Adrian

- -- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVSlkFAAoJEHQmOzf1tfkT80sP/0iFOpjrUF8N2HU6S0DB59Bf
3Cgokl+SoWNUgJXvvAyHLNZTw1VsqDwM9TMJpLWGMNBHlikCJcqmp/aU40i9L2PU
pZKwd2wnybuFuk0+kYRarWHuC19KngNC2QGYcbL0r0cODjHx2EylLz6JwtDxkuEB
aTFlPuQxIHksxATET4/+iCITGDcmcyuw5eTviwcIeoLUpA8RjMDkvyhPnk6wXOjp
CmLfFd780vPp/pDDn4fPUfMnCcIKPCjPyCQHiIWxxUHAjSFOWpvWO4Yu4mzTDVM9
nWag7juHBqOCnoEqXV4r+Jhd8yfybDsprXG/vTkXtPtwMeVXISoGfEuSRwa0mCnk
2AEdfncZUbjUcFG5jbDovDZtT+VRDTTk/bL+AKRdKiwP0HsxD2Q1U4uK3q+JGEJM
a3e45o/rOzFEZuQL8g/5X5pCAcux+rjhrblV4rLeCURaawRPVWxB8S4X0CtvptU4
Cbxgwx39JBC2iw/DZI3UeMn2h9K2A0B36m4Bs3nz4OPyOY6XYlH8WjVALLTCyni8
nh79cCAJwHpNrXL+qvLzHVgTOj4Usa3h93lFVOy9Lz1ZnBGMoSWv5va3k778z+WL
hXccbBJss5NjuFNYGtGpkkLcMuHO+cOrIBRmaIt4MdGELAJ6OXLwpM5kRaQI8CuR
D56Kra4Rmv6M79WItGoe
=V46x
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: We have a problem
  - From: Patrick Ouellette <pouelle@debian.org>

References:
- We have a problem
  - From: Patrick Ouellette <pouelle@debian.org>
- Re: We have a problem
  - From: "Iain R. Learmonth" <irl@fsfe.org>
- Re: We have a problem
  - From: Patrick Ouellette <pouelle@debian.org>
- Re: We have a problem
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
- Re: We have a problem
  - From: Patrick Ouellette <pouelle@debian.org>
- Re: We have a problem
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
- Re: We have a problem
  - From: Patrick Ouellette <pouelle@debian.org>

Prev by Date: Re: We have a problem
Next by Date: Re: We have a problem
Previous by thread: Re: We have a problem
Next by thread: Re: We have a problem
Index(es):
- Date
- Thread