
Re: Suggestion: Time limit for NM process



Daniel Baumann wrote on 02/04/2006 17:36:

> Mario Iseli wrote:
> 
>>What I do not really understand is the principle of NM
>>- some years ago you could become a DD in some weeks and today in some
>>years.
> 
> This didn't change because the NM infrastructure doesn't scale
> (enough), but because the average applicant is less qualified than in
> the great ancient times of Debian.

??? How can you tell? Did you do any kind of review of applicant
qualifications (at the time of their application) for past and current
DD applicants?

> The NM process is about trust, and trust
> is something you have to earn and which is given only very carefully.

Come on, the NM process isn't about trust (except for the GPG signature
part). It's (if that) about skills. And it's about endurance.
I'm not saying this is a bad thing, but pretending that the NM process
builds up trust is just plain wrong.

>>Why can't it be easier to become a DD, I mean: if someone abuses
>>his privileges they still can be deleted, right?
> 
> Again, you propose to risk Debian's good reputation and integrity in
> favour of an earlier DD status.

He might propose to risk Debian's reputation when he (seemingly) says
that Debian should just accept new DDs and risk the possibility that
these need to be expelled later after doing evil things. However,
becoming a DD shouldn't necessarily get easier than it is now, but it
surely should get faster.
And, BTW: Debian's NM process helps eliminate accidental bad DD
behaviour (like uploading broken packages), but it doesn't do
anything[1] to eliminate intentional wrongdoing.

[1] Except for indirectly linking a DD account to a real person by GPG
signatures.

> Remember that for most tasks in Debian, you don't need to be a DD.

True, but you need a sponsor (and finding one as well as working with
even a very friendly sponsor can get quite tedious and frustrating at
times).

> If you play Mr. Evil in CAcert, you compromise *limited* amount of its
> web-of-trust.

If you play Mr. Evil on CAcert, you basically kill its whole web of
trust since there is no easy way of knowing (for the end user), which
certs "Mr. Evil" compromised. But you don't actually compromise any
computer.

> If you play Bastard Debian Developer from Hell, you affect
> *all* Debian machines at once, being Debian Developer means practically
> to be root on over 30 million machines in the world.

That's not really true. It is equivalent to being root on many thousands of
machines perhaps, unless you do wrong on an essential package (note that
I don't mean essential as in "Essential: yes", but as in used on nearly
any Debian based system). And still the possible damage is a lot more
limited, since most non-developer machines are installed with either
stable (nearly impossible for a "simple" DD to put a trojan in
unnoticed) or testing (easier to compromise). But an evildoing DD can
cause a lot of damage to both the systems using Debian and to Debian
itself.

>>I think it's wrong to do these "tests" during the current NM process,
>>because the only real test is real work - grant the applicant some
>>rights and he has to show what he can really do.
> 
> You don't need to be DD to do *real* work on Debian, neither the NM
> process nor the DD status is something which does hinder you in your
> work.

Not having DD status _does_ hinder you in your work for Debian. It
doesn't keep you from doing the work (unless what you want to do can
only be done with access to the Debian machines), but it makes it harder
to do your work.

> The work you do should be in the center of your doing, not the
> privileges you have.

True, but don't pretend that these privileges mean nothing to the work.
They make the work a lot easier to do.

cu,
Sven
