On Wed, Feb 14, 2018 at 04:09:11PM +0000, Jonathan McDowell wrote:
> On Mon, Feb 05, 2018 at 12:48:06AM +0100, Mattia Rizzolo wrote:
> > "unacceptable uid, rejected by keyring-maint".
>
> <dons keyring-maint hat>Let's be clear, the only rejected UID I recall
> recently was someone applying for DM status who had added an @debian.org
> email address to their key which they had no entitlement to.</doffs
> keyring-maint hat>
There also was one with an UID with a completely different name from the
others (I don't remember if that one was rejected by you or just frowned
upon but later approved).
> > I believe the processes should not proceed (in particular, not accept
> > advocacies) until the key is not valid, or manually accepted by FD.
> At the moment there is no requirement on Front Desk to get involved in a
> process before it's been confirmed that an applicant has an advocate and
> is ready to progress in their application. Your proposal would instead
> require that Front Desk get involved at the start of any process and
> prevent any action until they had done so. That pushes the up front work
> from a large pool of potentials (the advocates) to a small, overworked
> team (Front Desk).
Well, they already have to, to approve the key.
Yes, this would block the processes until that (quite critical) part of
the process is not cleared.
> > Those 6 processes I've looked at don't show any sign of a solution in
> > sight, and will probably be closed by FD one of these days, causing
> > unhappiness for all the involved parties¹.
> From where I'm sitting it's not clear that is an improvement. Those
> processes with invalid keys will still be stalled, they will still sit
> visible in the Front Desk web interface until closed out or the key
> issues are fixed and really the only slight positive seems to be that
> advocates won't have to send advocacies for people who might not make it
> through the process.
It would also avoid bad feelings from potential DMs who see their
processes manually closed for inactivity when they have everything and
only lack a signed key.
As a matter of fact, I know there is a timeout thing somewhere closing
processes without any advocacy after a while. That would allow this
mechanism to work for DMs without good enough keys, without manual
involvement (and avoids "damn Mattia, closing my process!"-thoughts).
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature