[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Legal names (was: AM report for Vagrant Cascadian <vagrant@freegeek.org>)

This one time, at band camp, Steve Langasek said:
> On Fri, Jul 31, 2009 at 04:03:14PM +0200, Joerg Jaspert wrote:
> > Currently we think a good way to do this is to have the applicant be
> > known to multiple Debian Developers who speak up for them to the DAM.
> > The applicant, who should be a long-term contributor already, also needs
> > to be willing to reveal his identity to the DAM, DSA and the
> > at-that-time-acting leader, together with the reason why he wants the
> > synonym to be used. Those mails can, of course, be encrypted to the
> > various persons.
> > That way there can be exceptions but the project still can trace people
> > if they really need it, going through the persons mentioned above.
> Encrypting this information to "the various persons" implies that the
> project itself can lose access to this information if those people all
> become unavailable in the future.  Is the information also stored somewhere
> that DSA (the role, not the people currently in it) will be able to recover
> that information if needed?

DSA currently uses the pws helper application
(http://svn.noreply.org/git/pwstore.git) to encrypt various files to
several gpg keys at the same time.  As people come and go from role
accounts, the files can be reencrypted as need be, so long as one person
can still decrypt it.  While not perfect, it does help to reduce the bus

This is not to say that we currently have any information for vagrant
stored that way, but I assume that when the time comes, we'll do
something along those lines.

|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature

Reply to: