Lars Wirzenius wrote: >> Having hundreds of (potentially unsafe) keys with upload rights to >> our archive, which isn't actually needed in many many cases is one >> thing; allowing all these keys to approve or delete members is >> another. > > Since any changes need to be easy to undo, and we need safeguards around > such decisions anyway, I don't see a problem. For example, there could > be a time-delay between adding a new member and the time when they can > actually log in. Ditto for removing a member. Or implementing something like the suggestion from Michael Hanke[0], making the process open, but not immediate. Giving enough time and opportunity to those currently working to filter changes _in_, to start filtering changes _out_. However, I don't get how the interaction between DAM approval and the free-for-all editing of keyring is supposed to work out. If any DD (or whatever you call if) has the right to make changes to the keyring, what's the use of DAM endorsement vs veto counting? I figure this could be implemented automatically, like a .commands file with multiple signers as endorsements and another (possibly also multi-signed) .commands file as a veto. And I second the thought that counting just votes as keep-alive is perhaps too strict. Aside from that, I agree with the idea. Cheers [0] http://lists.debian.org/debian-project/2008/10/msg00154.html -- Leo "costela" Antunes [insert a witty retort here]
Attachment:
signature.asc
Description: OpenPGP digital signature