[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

On Wed, Aug 02, 2000 at 03:43:12AM +1000, Anand Kumria wrote:
> > Membership is a privilege, and if you have to take a couple of
> > bureaucratic steps, so be it. You don't haggle with your passport
> > office about providing your passport photos, do you? If you need to
> 
> Actually I do -- but that is an entirely different story.
> 
> If you understand how passports work you have one person (in some
> countries of a particular occupation, e.g doctor, lawyer, etc.)
> who can authenticate to the government that you are who you say 
> you are.
> 
> In the Debian country you could liken that person to existing maintainers.
> 
> Dale's process says that existing maintainers are not able to authenticate 
> aspiring maintainers who they have confirmed the identity of. Essentially
> we cease to trust existing developers.

Even in the case of passports, it is a two-step process. First step,
is as you allude to, you have a notarized signature, from say a doctor
or lawyer, stating that you are who you are. In addition, you need a
photograph *for the record*. The photo on your passport is one of the
pieces of identification, the other is your signature [Of course, both
can be forged, I don't want to get into that]

All, I am saying is that the photo id requested does not mean that
existing developers are not to be trusted. It is an *additional* piece
of documentation that goes into the new-maintainer/developer's file. I
think some sort of traceability is good. As debian maintainers, we can
upload packages. If I am malicious and crafty enough, I can put a
trojan horse in my package that can cause a lot of financial damage to
some company/institution. Debian can be held responsible for this act
of vandalism. Simply put, the debian new-maintainer team now at least
has *some* pieces of identification on who I am. As debian
maintainers, we have a lot of responsibility. Users take for granted
that the software they download from our website, or CDs are
secure. Debian maintainers are the first points-of-contact for the
package they maintain, and hence, we as an organization should have a
reasonable idea of who the maintainers are.

> 
> > travel abroad, you do the needful to *apply* for a passport. After a
> > loong discussion, I believe the current procedures have been adopted
> > for applications for new members, and IMO they are equitable and
> > reasonable.
> 
> I'm not if you have read the archives -- I have. I posted a long
> summary on the nm-admin (or nm-discuss) mailling list. It'll 
> certainly be in the archive if you care to look (Since it was in March
> it'll take me more effort than I have at 0330 to find).

I couldn't find your summary. The archives on the web only lists the
July archive. 


-- 
Gopal Narayanan <gopal@debian.org> <gopal@astro.umass.edu>
Debian GNU/Linux Developer
Dept. of Astronomy, University of Massachusetts, Amherst
Reply to: