Security concerns about our Launchpad teams and projects.

To: Debian Java List <debian-java@lists.debian.org>, Andrew Ross <andrew@rossfamily.co.uk>
Subject: Security concerns about our Launchpad teams and projects.
From: Niels Thykier <niels@thykier.net>
Date: Tue, 25 Oct 2011 20:11:54 +0200
Message-id: <[🔎] 4EA6FBEA.6020602@thykier.net>

Hey,

I got an email from Launchpad about the colorpicker project, which is
currently "maintained" by the pkg-java team in Launchpad.  Long story
short, this is not acceptable because the pkg-java team is under an
open-subscription policy[1].  For now I have given the maintainership of
colorpick back to Andrew Ross, which should solve the immediate issue.

But it does raise the question of how to handle this in general.  We
already have two teams on Launchpad (pkg-java and debian-java, both
open), so we could close one of them to maintain these projects and
leave the other one open.
  But this implies that the administrators of the closed team[2] are
stricter in our acceptance (plus we would have to double check existing
members).

For reference, the "project pages" in question are launchpad's "upstream
projects", so I am not even 100% sure it makes sense for the Java Team
to control these.

So, should we keep both teams open (and not accept maintainership of any
"projects") or close one of them for this purpose?

~Niels

[1] I am not certain the rationale is public at the moment, so I will
not disclose it now.

[2] Currently they are both administrated by Torsen Werner, Damien
Raude-Morvan and myself.

Reply to:

Follow-Ups:
- Re: Security concerns about our Launchpad teams and projects.
  - From: Andrew Ross <andrew@rossfamily.co.uk>

Prev by Date: RFS: libgnujaf-java
Next by Date: Re: RFS: eclipse-jgit
Previous by thread: RFS: libgnujaf-java
Next by thread: Re: Security concerns about our Launchpad teams and projects.
Index(es):
- Date
- Thread