
Re: Debian Maintainer status for Kai Hendry



(Kai Hendry added to Cc, to make really sure he gets the reply and a chance
to speak up).

On Tue, 22 Jan 2008, Raphael Hertzog wrote:
> On Mon, 21 Jan 2008, Bas Wijnen wrote:
> > On Mon, Jan 21, 2008 at 08:19:11PM +0000, Kai Hendry wrote:
> > > I've been in the queue for almost 4 years now:
> > > https://nm.debian.org/nmstatus.php?email=hendry%40iki.fi
> > 
> > Looking at that page, you should have passed the DAM check years ago...
> > Do you know the reason you didn't?  Is there something wrong with the
> > application?
> 
> Kai has been advocating stuff which does not really match Debian's
> philosophy.
> 
> http://natalian.org/archives/2006/05/26/no-gpg/

Speaking as a DD, I have nothing against Kai (or his work), but I have a lot
to worry about his past stance re. security.  My opinion is on the above
linked blog, as a comment.  I will repeat the gist of it here:

"The issue here is that you show a surprisingly naive attitude about the
whole deal. I sure hope you are not going through NM...

A key (when properly handled) is much more secure than a simple passphrase
(even when the passphrase is also properly handled). This is the very basic
security concept of requiring "something you know" and "something you have",
against just requiring "something you know".

The whole Wiki idea is either moot (you would use passphrase-protected keys
to auth to the wiki, at which point you have exactly what Debian has right
now, with a different interface), or just plain stupid from a security
standpoint.

Digital signatures last after the upload. A simple login in some wiki,
doesn't. And digital signatures are extremely more difficult to tamper with
than a server log, and much easier to distribute (which BTW, Debian does. We
send all of them to mailing-lists that a number of people around the world
read and archive). They could be very helpful when tracking down
compromises.

And the acceptable time-window for a compromised package in Debian is very
close to zero. I doubt very much so it is the same for a bogus Wikipedia
page."

Unless Kai has changed his stance since then (it has been more than one
year, after all), and changed it enough to be trusted to go through the real
pains of proper DD responsibility when faced with write access to the Debian
package repository, and worse, when faced with a crypto compromise on his
key and the work expected from a DD/DM to make up for it, I don't think he
should be allowed any sort of direct write access to Debian repositories
depending on crypto.  And that *does* include being added to the DM keyring.

Also, DM is not supposed to be used to get people write access faster than
the DAM approval when one is already at DAM approval stage, is it?  It would
be better if Kai's AM and also the NM helpdesk were to work with him to
verify whether the reason for the hold up is still valid or not, and prepare
a new report for the DAM.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

