
Re: Bug#889616: nm.debian.org: please block DM applications until the key requirements are satisfied

On Wed, Feb 14, 2018 at 04:09:11PM +0000, Jonathan McDowell wrote:
> On Mon, Feb 05, 2018 at 12:48:06AM +0100, Mattia Rizzolo wrote:
> > "unacceptable uid, rejected by keyring-maint".
> <dons keyring-maint hat>Let's be clear, the only rejected UID I recall
> recently was someone applying for DM status who had added an @debian.org
> email address to their key which they had no entitlement to.</doffs
> keyring-maint hat>

There also was one with a UID with a completely different name from the
others (I don't remember if that one was rejected by you or just frowned
upon but later approved).

> > I believe the processes should not proceed (in particular, not accept
> > advocacies) until the key is not valid, or manually accepted by FD.
> At the moment there is no requirement on Front Desk to get involved in a
> process before it's been confirmed that an applicant has an advocate and
> is ready to progress in their application. Your proposal would instead
> require that Front Desk get involved at the start of any process and
> prevent any action until they had done so. That pushes the up front work
> from a large pool of potentials (the advocates) to a small, overworked
> team (Front Desk).

Well, they already have to, to approve the key.
Yes, this would block the processes until that (quite critical) part of
the process is not cleared.

> > Those 6 processes I've looked at don't show any sign of a solution in
> > sight, and will probably be closed by FD one of these days, causing
> > unhappiness for all the involved parties¹.
> From where I'm sitting it's not clear that is an improvement. Those
> processes with invalid keys will still be stalled, they will still sit
> visible in the Front Desk web interface until closed out or the key
> issues are fixed and really the only slight positive seems to be that
> advocates won't have to send advocacies for people who might not make it
> through the process.

It would also avoid bad feelings from potential DMs who see their
processes manually closed for inactivity when they have everything and
only lack a signed key.

As a matter of fact, I know there is a timeout thing somewhere closing
processes without any advocacy after a while.  That would allow this
mechanism to work for DMs without good enough keys, without manual
involvement (and avoids "damn Mattia, closing my process!"-thoughts).

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
