
Identification step in the current scheme (Re: Fear the new maintainer process)


Since the new list debian-newmaint-discuss was created (Thanks list-admins!)
I think this topic should be moved there.  For members of the NM team
who have not subscribed to the new list, I sent a copy of this mail to the old
nm-admin list.

In <20000731005548.A12428@ftoomsh.progsoc.uts.edu.au>,
  on Mon, 31 Jul 2000 00:55:48 +1000,
 Anand Kumria <wildfire@progsoc.uts.edu.au> wrote:

> On Sun, Jul 30, 2000 at 02:22:09PM +0200, Wichert Akkerman wrote:
> > Previously Anand Kumria wrote:
> > > Applicants whose keys are signed by existing developers must still
> > > submit a photographic ID of themselves.
> > 
> > This is not true as far as I know.
> Well two developers have already pointed out otherwise; plus this:
> <URL: http://www.debian.org/devel/join/nm-step2>
> It talks about an "eyeball" and "handshake" portion (whatever they are)
> To satisfy the "handshake" portion you are supposed to provide a key
> and an image signed with that key.

Yes.  I wrote it there since I thought that it was required.
If this is not true anymore, then I will happily rewrite it.
Can I do that?

> To satisfy the "eyeball" portion one means is to have your key signed by
> another developer. This is, as far as I know, how all the AMs have read and
> interpreted this.  In fact I don't recall anyone using clauses 2 or 3
> to close the "eyeball" loop.

There was a "test case" done by Julian Gilbey for his applicant,
where the applicant did not initially have the key signed by a Debian
member. But the applicant eventually got the signature on his
key, so it can be classified as one of the cases which used clause 1.

> I think the identification step should be in two halves:
> - An applicant must have a public key.
> 1. The key must be acceptable to GNU Privacy Guard (GnuPG) without
> additional (non-free) modules
> 2. The key must be self-signed
> If an applicant's key is already signed by an existing Debian Developer, the
> identification step is deemed complete. Continue with Step 3 and exit Step 2.
> - An applicant should provide another means of identifying themselves
> This applies if the applicant's key is not already signed by an existing
> Debian Developer. Some possible means are:
> 1. A signed image of themselves
> 2. A reference by someone known to both the applicant and the AM (e.g. Linus)
> 3. (potentially) A well known signatory on their public key (e.g. RMS)
> 4. Some other means acceptable to both the applicant and the AM.
> I list 3 as a potential as this possibility does not currently exist
> in closing the "eyeball" section.

For the record, I won't object to this proposal (in fact, I prefer this).
I know the decision is not under my control at all, of course.

  Taketoshi Sano: <sano@debian.org>,<sano@debian.or.jp>,<kgh12351@nifty.ne.jp>
