Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
In message <[🔎] 20000801202137.A2720@ulysses.dhis.net>, Marcus Brinkmann writes:
>On Tue, Aug 01, 2000 at 08:06:55PM +0200, Nils Lohner wrote:
>> In message <[🔎] 20000801194659.C2325@ulysses.dhis.net>, Marcus Brinkmann writes:
>> >On Tue, Aug 01, 2000 at 01:07:24PM -0400, Gopal Narayanan wrote:
>> >> Membership is a privilege,
>> >
>> >The privilege to work, or what?
>> >
>> IMO the privilege to be trusted to contribute to Debian,
>
>Thousands of people contribute to Debian without even knowing it. We still
>use some upstream sotfware.
>
Marcus, they don't write the software directly for Debian, they write the
software for other reasons. Those that do write things to directly aid
Debian I'm sure are very welcome in the project. Authors are authors, and
Debian developers are Debian developers. Please don't make arguments by
abstracting statements like that without the proper context; it doesn't get
us anywhere concerning the core point.
>> represent it well
>
>I am not sure. Only some delegates and the project leader may represent
>Debian. Other people might try and if they do it well, get the backing of
>the project. If they don't, I don't want to know what will happen. I can't
>just say "foo, and I represent Debian".
>
There have been several discussions about this in the project (not all were
public) and (I think this was the general consensus afterwards) if you are a
developer and misbehave sufficiently actions can be taken. Any community
has rules and regulations, even if they may only be implied in some cases,
and going against those is looked down and/or upon.
>> and to adhere to the social contract
>
>I can do it anyway.
>
>> and support the DFSG
>
>I can do it all the time, and lots of people do without being Debian member.
>
Neither of the two points above are logical arguments to counter my point.
Many people do it anyway of their own free will, but Debian developers are
expected to adhere to them. That's the difference. You're free to act like
a vegetarian without joining Vegetarian's Anonymous (ok, so I couldn't think
of a better example :) but if you do you adhere to their rules.
>> The trust goes to the fact that
>> thousands of users rely on the packages that you upload not containing
>> trojans and other code harmful to their systems.
>
>They also rely on the upstream software, the CD resellers, the internet and
>so on.
>
Agreed. But then again, if you trust the author, CD, etc. but not the
developer, the chain of trust is broken. Now consider this: when you
install software, you automatically trust the author(s) I assume. Files
downloaded across the net and installed from CDs can be verified by keys.
However: only Debian can convey any kind of trust about the package
maintainer. If this trust is not there, all of Debian suffers because of
this lack of trust. This is why it is important to be able to trust each
developer (and his identity!) to at least be able to tell end users that if
some package at some point does have some Evil included in it, it can at
least be _traced_.
So: no confirmed identity -> no traceability -> less end user trust.
>> This is my opinion, and if this attitude ever changes in Debian to
>> something contrary, I don't think that I'll stick around long.
>
>I am rather scared by a statement that effectively assumes that being part
>of Debian is a "privilege" that needs to be protected by people who
>probably want to abuse it.[1] The only privileges you have as a Debian
>maintainer is: Upload packages with a name that already exists to
>the archive (overriding the existing package with that name) and reading
>debian-private.
>
I think that this again is explained by the point of trust I just made.
Please consider this, and understand why its so important. It's too easy
for one person to break the trust in Debian as a whole by botching packages,
for example. That's why these particular privileges you mention must not be
handed out to just anyone.
As far as being part of Debian being a privilege, yes, for me (and I'm sure
for most others) it is. Please note however that this does not mean it
should be hard to be accepted: it just means that you have to fit certain
criteria in order to join.
>
>[1] Because it furthers elitarism and doesn't further the idea that
>volunteers effort is worth it. Please think about it: Saying Debian is a
>"privilege" puts the value on the abstract Debian entity. I prefer to think
>of the volunteers time and contribution as the value.
>
Off course it puts a value on the entity. When you see Debian mentioned on the net, (or any other entity for that matter) don't you automatically associate a sentiment with it? (same for countries, sports teams, you name it).
Yes, volunteers are the base of Debian and without it would not exist, but these volunteers have all helped Debian become what it is today and I think that the NM people are doing their part to help maintain the Debian project's reputation etc. in the community.
I hope that I've explained a little more clearly what I meant... please don't take it as direct criticism, but this conversation has come up several times before in other places and I wanted to be sure that my points got across.
Thanks, Nils.
Reply to: