
Re: Mentors upload authentication

This one time, at band camp, Michael Gilbert said:
> Based on discussion about making mentors official, one of the key
> requirements is contributor DMUP agreement and upload authentication.
> One thought I had recently was to move the file hosting functionality
> over to alioth, which already has the necessary authentication
> infrastructure.  The process from a contributor's perspective then
> would be something like:

I think that there are two main problems with this idea: 

First, alioth, while having an infrastructure for ssh keys, doesn't know
anything about gpg keyrings and signed packages and so on, so all of
that work still has to be done (and this is the hard bit - distributing
ssh public keys is easy).

Second, I think requiring all contributors on alioth to sign the DMUP is
a very bad idea.  We host some external projects like SANE that have no
reason to want to sign agreements about their usage of machines they'll
never log in to.  Even if we did think it was a good idea, account
creation is entirely automatic and on demand - we have no way of
ensuring people have read and agreed to something beyond adding a click
through web page at creation time or something (ick!).

So, I think this doesn't sound like a good fit to me, sorry.

|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature
