Discussing the DMUP


        I was looking at the Debian Machine usage policy (to be found
 at <URL:http://www.debian.org/devel/dmup>), and found a number of
 glaring flaws and omissions. More ominously, I think that unlike the
 constitution, the DMUP places uncontrolled power into the hands of
 the DSA, with no checks on the use of these powers.

     I think it needs a rewrite, and one that should go through a
 better review process than the current one did. A document that
 determines the rules and penalties that the developer community has
 to live by should not be decided by a small group of people; this
 needs ratification by the whole project. 

       I am dismayed that that was not considered necessary. 

       Also, there is no accountability delineated in this document;
 there are powers, but no penalties for the abuse of those powers
 (unlike transgressions by mere mortals, the penalties for those are
 stated up front).

        I think we need a rewrite, from the ground up, in full view,
 and full ratification of the developer community.

     Here are a few shortcomings that I found to shore up the above

                 This document contains two parts: policies and
                 guidelines.  The rules in the policies are binding
                 and may not be violated. The guidelines specify rules
                 that may be violated if necessary but we would rather
                 one did not.

      Incidentally, there are no guidelines. This whole document seems
 incomplete, hurriedly foisted onto us, without even a minimal proof

                        Don't by any wilful, deliberate, reckless or unlawful
                        act interfere with the work of another developer or
                        jeopardize the integrity of data networks, computing
                        equipment, systems programs, or other stored

    I violate this every time I use ppp. Or use an editor to write
 code that just happens to be buggy. Or delete files. What is missing
 is the word unauthorized, obviously. Authorized disruption of
 integrity of data networks should be perfectly fine, especially
 when I own that network segment. 

                         Access to Debian Facilities is a privilege, not a right
                         or a commercial service, and we reserve the right to
                         revoke this privilege at any time, without prior
                         notice. An explanation will be given within 48 hours. 

    If ``we'' here is the admin team, this paragraph gives the team a
 right to revoke any access, whether or not the terms of the DMUP were
 violated. All that is required is an explanation (note, as written, the
 explanation could be anything at all; no explicit mention is made of
 what could lead to such a revocation). 

     I find no rationale for this. At the very least, this should
 explain who ``we'' are; if ``we'' is the Project as a whole, this
 makes sense, if ``we'' is just the DSA member, this is too much power
 with too few checks (I am told that the DPL can fire the DSA
 member and order an unrevocation, but why this granting of power in
 the first place?).

     The DMUP needs to clearly delineate what class of activities can
 cause such an action to be taken, and who is authorized to reach that
 decision (The DPL alone, a general resolution, the NM team, etc). 

          I think that revoking accounts when the DMUP has not been
 violated should require the approval of the developer community as a

        There seem to be some strange restrictions. For example:

        Debian does not have any Usenet news servers. It may be that
        some of the Debian machines have access to such a news server,
        but their use through Debian machines is strictly forbidden.

        Why is using a newsreader on Debian machines strictly
 forbidden?  (Incidentally, on IRC, Jason and AJ insist that the
 paragraph above explicitly allows access to usenet servers, and they
 say the intent was not to forbid access. Not being a telepath, I took
 the policy document at its word, and if indeed the intent was not to
 prohibit, this error needs be corrected. If the intent is to restrict
 access, why?)


                2. The offender will be required to contact the
                  Debian Systems Administration and convince
                  us that there will be no further breaches of the
                  DMUP by the offender. 

       This should be the developer community, or perhaps the NM team,
 not just the DSA.  Indeed, I think that the full community should be
 involved, there is no need to keep this behind closed doors.


 Branden>   The DMUP does not address at what point the NM team and/or DPL are
 Branden>   involved in the process of determining the disciplinary action to be
 Branden>   taken once a possible offense has come to the project's attention.
 Branden>   I presume it is the responsibility of the DSA to enforce measures
 Branden>   relating to logins and accounts, and the NM team regarding key
 Branden>   management, but none of this is spelled out in the DMUP.

Branden>   The DMUP takes an adversarial stance towards the people who
Branden>   are expected to abide by it.  That is destructive to our
Branden>   spirit of community.  
