Re: Fear the new maintainer process

To: debian-project@lists.debian.org
Subject: Re: Fear the new maintainer process
From: Anand Kumria <wildfire@progsoc.uts.edu.au>
Date: Mon, 31 Jul 2000 00:55:48 +1000
Message-id: <[🔎] 20000731005548.A12428@ftoomsh.progsoc.uts.edu.au>
Reply-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 20000730142208.B871@cistron.nl>; from wichert@cistron.nl on Sun, Jul 30, 2000 at 02:22:09PM +0200
References: <[🔎] 20000726125740.A405@ulysses.alg.ruhr-uni-bochum.de> <[🔎] 20000726145912.A23305@pa4tu> <[🔎] 20000727061109.Z12428@ftoomsh.progsoc.uts.edu.au> <[🔎] 20000730142208.B871@cistron.nl>

On Sun, Jul 30, 2000 at 02:22:09PM +0200, Wichert Akkerman wrote:
> Previously Anand Kumria wrote:
> > Applicants whose keys are signed by existing developers must still
> > submit a photographic ID of themselves.
> 
> This is not true as far as I know.

Well two developers have already pointed out otherwise; plus this:

<URL: http://www.debian.org/devel/join/nm-step2>

It talks about an "eyeball" and "handshake" portion (whatever they are)

To satisfy the "handshake" portion you are supposed to provide a key
and an image signed with that key.

To satisfy the "eyeball" portion one means is to have your key signed by
a nother developer. This is, as far as know, how all the AMs have read and 
interupreted this.  In fact I don't recall anyone using clauses 2 or 3
to close the "eyeball" loop.

Jim and Dale are, as I understand things, new-maintainer@debian.org.

Jim, in Message-ID: <XFMail.20000720080255.jwest@netnw.com>, says:

"A gpg key signed by another developer, is just a signed key; it                 is not the same thing as a photo ID signed with that private                    key."

While he does later add "just my 2 cents", Dale has said similiar things
as well (I did a summary of them in March on the mailing list).

I think the identification step should be in two halves:

- An applicant must have a public key.

1. The key must be acceptable to GNU Privacy Guard (GnuPG) without
additional (non-free) modules
2. The key must be self-signed

If an applicants key is already signed by an existing Debian Developer, the
identification step is deemed complete. Continue with Step 3 and exit Step 2.

- An applicant should provide another means of identifying themselves

This applies if the applicants key is not already signed by an existing
Debian Developer. Some possible means are:

1. A signed image of themselves
2. A reference by someone known to both the applicant and the AM (e.g. Linus)
3. (potentially) A well known signatory on their public key (e.g. RMS)
4. Some other means acceptable to both the applicant and the AM.

I list 3 as a potential as this possibility does not currently exist
in closing the "eyeball" section.

Anand

Reply to:

Follow-Ups:
- Identification step in the current scheme (Re: Fear the new maintainer process)
  - From: Taketoshi Sano <sano@debian.org>

References:
- Fear the new maintainer process
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: Fear the new maintainer process
  - From: Joop Stakenborg <aba@casema.net>
- Re: Fear the new maintainer process
  - From: Anand Kumria <wildfire@progsoc.uts.edu.au>
- Re: Fear the new maintainer process
  - From: Wichert Akkerman <wichert@cistron.nl>

Prev by Date: Re: Fear the new maintainer process
Next by Date: Identification step in the current scheme (Re: Fear the new maintainer process)
Previous by thread: Re: Fear the new maintainer process
Next by thread: Identification step in the current scheme (Re: Fear the new maintainer process)
Index(es):
- Date
- Thread