Le vendredi 24 octobre 2008 à 11:44 +0300, Lars Wirzenius a écrit : > I think we should go in the opposite direction: massively simplify > the whole membership thing. In a single word: yes. We need something simple and efficient. I agree with pretty much everything you propose, although I think some minor things can be tweaked. > Proposal > -------- > > * People should be allowed to join Debian when there is reasonably > wide-spread consensus that they agree with the project's goals, are > committed to working on those goals, and are trustworthy. The best way > to determine this is to have some number of people endorse a candidate. > However, there should not be too much opposition to a candidate, either. > > Concrete proposal: max(Q, 20) endorsements, two existing members > together can veto. The veto can be done anonymously via the Debian > Account Manager to avoid peer pressure to not veto. The DAM only > counts the endorsements and vetos, and does not make judgement calls. > All endorsements and vetos must happen within 30 days. I don’t think there is much peer pressure to not veto, but making them anonymous is not a big deal. The important thing is that a veto must be motivated; otherwise, two project members could block the whole process. > * Membership in the project gives both voting and upload rights. > > * Membership ends 24 months after they're given, or after the latest > participation in a vote arranged by the project's Secretary. Members > may retire themselves earlier, of course. I’d add counting uploads as well as votes, while making the process quicker. 12 months seems more than enough, maybe even 6. As long as you can easily become a member again later, that’s fine. > * Members may be expelled via the normal General Resolution process, with > a simple majority. Ftpmasters may temporarily limit upload rights in an > emergency. > > * Membership is controlled via GnuPG keyrings, primarily maintained by the > Debian Account Manager. The keyrings shall be maintained in a way that > allows any member to change them, and that is fully transparent to the > members in general, and that further makes it easy to undo mistakes. I think this is a key change, and one that makes much sense. As we expect the same level of trust from the keyring maintainer as from other maintainers, the best thing is to simply maintain the keyring like any other package. No more waiting for months because you revoked your key. No more waiting for months after being accepted. If the keyring maintainer doesn’t have time, a NMU is fine. Thanks for the straightforward proposal, this is the kind of change that we need to be more efficient and to bring back the fun. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `- our own. Resistance is futile.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=