Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

To: debian-project@lists.debian.org
Subject: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
From: Gopal Narayanan <gopal@debian.org>
Date: Wed, 2 Aug 2000 18:18:38 -0400
Message-id: <[🔎] 20000802181838.A12941@fcrao1.astro.umass.edu>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 87punrwdv6.fsf@magrathea.outer.space.org>; from Detlev Zundel on Wed, Aug 02, 2000 at 11:29:49PM +0200
References: <[🔎] Pine.LNX.3.96.1000802190808.30031E-100000@dwarf> <[🔎] 87punrwdv6.fsf@magrathea.outer.space.org>

On Wed, Aug 02, 2000 at 11:29:49PM +0200, Detlev Zundel wrote:
> The scanned ID step is a prominent example of such a "test" of
> determinedness (and nothing more) because I think everybody agrees
> that the scanned ID does _not_ improve the trace-ability of applicants
> in the case where a Debian member has done the identification.

The scanned ID, I think improves the traceability a whole lot over the
alternative. Because, where the debian member has done the identification (by
signing the prospective applicant's key), there is absolutely no
traceability. Do you keep a copy of the applicant's photo-id or
address with you when you sign somebody's key?

> 
> I know this will provoke emotional reactions but I can remember
> Richard Stallmann explaining why there were no passwords on the early
> systems at MIT.  He said something like (cited from memory) - it was
> easier to "fix the person" than to change the whole system.

Oh come on, even RMS would not favor such an approach in today's
environment. By that I mean the wide-open internet and security
breaches galore all over the place. What we keep forgetting here, is
that we as an organization are responsible for what we deliver (even
if we are just volunteers!). If we have *no traceability* of our
members, any malevolent person that got admitted has the enormous
potential of wreaking havoc in thousands of machines across the globe,
and we would have no way of tracking down the crime, other than we
know that the offending package originated from Joe Hacker
<jhacker@debian.org>.

> 
> That is the point.  If there is such a large commotion over this then
> why not invoke the democratic process and let the project decide?  Off
> the head I can remember only one voice in favour of scanned IDs in all
> cases.  This is not enough in a democracy.
> 

Throw my hat in for scanned IDs too. If you and enough people feel
strongly about it, maybe you should organize a CFV on it, instead
of protesting about democracratic norms, which is fully enabled by our
organization.

>From my part, I like what William Ono proposed elsewhere in this
thread, and I would like to offer my services as well. If it is such a
problem to send in scanned IDs, any would-be applicant can contact me
by email, and send me a photocopied hardcopy of the ID, and I will
scan the document for them at no charge. Right now, I am not part of
the NM-team, but maybe I ought to be.

Gopal.

-- 
Gopal Narayanan <gopal@debian.org> <gopal@astro.umass.edu>
Debian GNU/Linux Developer
Dept. of Astronomy, University of Massachusetts, Amherst

Reply to:

References:
- Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
  - From: Dale Scheetz <dwarf@polaris.net>
- Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
  - From: Detlev Zundel <detlev.zundel@stud.uni-karlsruhe.de>

Prev by Date: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Next by Date: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Previous by thread: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Next by thread: Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)
Index(es):
- Date
- Thread