[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the DAMs

=?iso-8859-15?q?J=E9r=F4me_Marant?= <jmarant@free.fr> writes:

>> - We wont accept[5] applicants who have only one signature on their GPG-key
>>   if that signature is made by the advocate. If it has only a signature
>>   from the advocate at least another one from the web-of-trust is
>>   needed. Not neccessarly a DD to sign the key, any other well-connected
>>   key is sufficient.
>>   Applicants will be put on hold until this is fixed, but it shouldn't
>>   last too long.
>>   This is to avoid theoretical things against us/the applicants, that
>>   they are "faked" by the advocate, by providing one or more other
>>   signatures from different people.
> I don't get it. Do you have a concrete example that makes this necessary?
> It seems more and more difficult to become member of Debian, which is
> after all a volonteer-only project. Why trying to more and more discourage
> people to contribute? 

Do you realy think it is difficult to get a second signature onto your
gpg key? Go to one key-signing party and you get 10 even on a small

It might be difficult to get a DD signature for geographical reasons
but any signature is pretty simple. And, given how tight the web of
trust is, a random signature is probably no more than 2-4 hops away
from a DD.

>> - Also not accepted are people without traceable actions for
>>   Debian. Examples of this include
>>    - having only one package in the archive, with only one upload,
>>    - packages with dead upstream and no visible changes in Debian either,
>>    - a poor or non-existent handling of their bugs for the package(s).
> What about translators? Isn't it time to give them a real status?
> They definitely aren't second-class contributors.

That should be a "traceable action" through the changelogs.


Reply to: