Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

To: nm-admin@cipsa.physik.uni-freiburg.de, debian-newmaint-discuss@lists.debian.org, debian-project@lists.debian.org
Subject: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
From: Dale Scheetz <dwarf@polaris.net>
Date: Tue, 1 Aug 2000 15:28:28 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.3.96.1000801143714.327t-100000@dwarf>
In-reply-to: <20000801024221.D6057@ftoomsh.progsoc.uts.edu.au>

On Tue, 1 Aug 2000, Anand Kumria wrote:

> On Mon, Jul 31, 2000 at 03:06:36PM +0000, Dale Scheetz wrote:
> > I strongly disagree with the interpretation being made here.
> 
>  think you missing, or overlooking three very important things.
> 
> > Every applicant must provide an image file of a photograph of themselves,
> > most desired is a passport or a photo ID, signed with their GPG key, in
> > order to identify themselves to the group. This image is archived by the
> > DAM as the record of the "eyeball" portion of the identification.
> 
> First off, though, I dispute your entire entire eyeball/handshake notion.

Dispute it all you like. This _is_ the principle on which the new
maintainer ID process was founded. You were, ostensibly, a party to the
extensive discussion that went on among the AMs about this very step, as
it was refined from a much more complex process down into what we have
today.

> I've haven't seen anything in real life approaching it. Is this a formal
> social model or a colloquial one?
> 
It is the social model of a club. It is the virtual equivalent of the club
meeting's "meet and great" social interaction that assures members of
nothing more than "this face claims this name".

> > If the key is already signed by a current Debian member, no further
> > identification is necessary. Otherwise the more complex "handshake" clause
> > is executed.
> > 
> > Having a key that is signed by a Debian member, doesnot constitute
> > "eyeball" contact, as many members have admitted that, although they
> > certainly looked at ID during the keysigning, they are not certain that
> > they can still identify the person by face.
> > 
> > Having the assurance that the keyholder is the applicant (this comes from
> > the signature on their key) coupled with the signed image provided by the
> > applicant closes the eye/hand loop. Neither is sufficient without the
> > other.
> 
> No it does not. It allows a false image to be let in (if anything).

A false image doesn't serve the applicant, so unless he is an idiot, why
would he provide such false information? Specially after having provided
correct ID to the signators of his key?

> 
> Essentialy what it boils down to is this.
> 
> Say there is an applicant, for example, Robert van der Meulen. This
> applicant has a public key signed by Wichert, Ray Dassen and Michel
> Onstein.
> 
> The new maintainer process says that these three people aren't competnant 
> enough, aren't trustworthy enough to be able to fully identify a
> potential applicant.
> 
NO!!! That may be what you say, but that is not anything like what the new
maintainer process says about these signatures!

You appear to have been absent during all of the interesing discussions.

The people who signed keys said themselves that they could not with any
sureness identify someone who's key they signed once, long ago. We
realized, after some debate, that the fact that the developer in question
_did_ see a passport/ID during the keysigning process is adequate to
satisfy the handshake criterion. The fact that these keysignings happened
imparts a bit of trust to the keyholder.

> Instead we insist that Robert supply us with a photo, signed by his key
> (in turn signed by the `evil' 3 developers above). For what gain? We can

The gain is that he presents his face to the group, in a form that we can
archive for "our" records, saying, "yes, we have seen this guy". This gain
is to the group as well as to the applicant. There is nothing to be gained
at this point (and much to put at risk) by presenting a false face.

> get assurances that the applicant knows the private key to the public key 
> jyst be insisting he sign the fortune file (or something else easily 
> verifible).

And what is gained by this signed bit of fluff? It presents no face, and
connects nothing to the applicant. The only thing it proves is that the
applicant is capable of signing something.

> 
> I think we should trust existing developers to be compentent key signers. 

Good for you! Now we are on the same page!

> The current procedure buys us nothing but more processing time per applicant
>  (whose key is already signed).

Your insistant confusion on this point buys us nothing. The reason for the
image is quite clear.

> 
> > I would also ask: Do we want to accept people as members who are unwilling
> > to show us their face?
> > 
> > Obvoiusly I don't think so ;-)
> 
> It isn't obvious at all. I would also ask: Do we want to accpet people as
> members who are unwilling to disclose their telephone number?
>
Possibly. The question that is proper to ask here is: Just how shy are we
willing to allow our members to be?

Someone unwilling to provide a contact (like their phone number) isn't
being "social" enough to join this group, as far as I can tell.

> I would also ask: Do we want to accept epeople as members who are unwilling 
> to disclose their home addresses?
> 
> You are probably wondering why I am being some pedantinc about this point
> the reason is this. At the current rate of processing we should have 
> gone through about 300 (or so) applicans and accepted (at least) half of
> them.

It isn't clear just what point you are trying to make here, but your
numbers are a bit flawed. At the moment there are slightly over 200
applicants in the database. This number is within a day or two of being
correct (names are currently being added to the database as the
applications arrive, keeping the database current with reality). Of that
number, about 100 are "in the process" and almost 30 have actually become
account carrying members of Debian, with almost that many waiting for the
DAM's approval and processing. It isn't clear to me that diluting the
identification process would speed things up appreciably.

If you think we should be working faster, I will gladdly assign you some
more applicants ;-)

> 
> It'll mean that, eventually, all maintainers will have their photo ID on 
> file which the DAM. To put it bluntly, if you don't believe you can
> trust the DPL - why should I, or any other, developer trust the DAM?

To put it bluntly this depends upon my TRUSTING the DPL. It is the fact
that we do, in fact, trust our members to take the proper steps when
signing a pgp/gpg key, that allows us to accept additional information
from someone who has such a signed key. I trust the DPL, just like I trust
any other developer, to do the right things when signing a key. While I'm
very good about remembering faces, even I can tell you that after an hour
of signing keys, all the names and faces tend to blur together. This
doesn't make me untrustworthy, it simply makes me human. I did the
handshake, and recorded that physical contact by signing the key. To ask
more than that is being unreasonable. To assert that because of this, the
handshake never took place, and the material sent by the keyholder is
suspect, is also unreasonable to my mind.

> 
> If people choose to make pictures of themselves availale lets keep it
> that -- their choice. 

And just why is your face so ... protected? Why would you wish to hide it?
How are we going to recognize you at the airport, when someone comes to
pick you up for a conference? You had no trouble showing your passport to
several Debian developers, why aren't you willing to show it to the DAM?

Above all, why do you insist on making this relationship such an
antagonistic one. This is not an inquisition, where applicants are dragged
over hot coals to elicit the truth. This is a "meet and great" with some
attempts to "get to know" the applicant. These behaviors insure that the
group knows who the applicant is, and that the applicant knows what the
group is about. These _are_ the principle objectives of the maintainer
application process, not the police state mentality you wish to imply is
driving the process.

Because of the large numbers of applicants that we have to process every
day, just to stay ahead of the incomming flood, we should be looking for
ways to make rejection of an applicant easier, not harder. We can't
possibly take on the 600-900 per year who wish to apply without a
significant "weeding" process. So far the only tool we are using is
"response time" of the applicant, which helps thru-put.

Luck,

Dwarf
--
_-_-_-_-_-   Author of "The Debian Linux User's Guide"  _-_-_-_-_-_-

aka   Dale Scheetz                   Phone:   1 (850) 656-9769
      Flexible Software              11000 McCrackin Road
      e-mail:  dwarf@polaris.net     Tallahassee, FL  32308

_-_-_-_-_-_- See www.linuxpress.com for more details  _-_-_-_-_-_-_-

Reply to:

Follow-Ups:
- Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
  - From: Matthew Vernon <matthew@sel.cam.ac.uk>
- Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
  - From: Jim Ziegler <jcz@ziplink.net>

Prev by Date: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Next by Date: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Previous by thread: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Next by thread: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Index(es):
- Date
- Thread