Re: It's all about trust
On 27/10/08 at 17:20 +0100, Raphael Hertzog wrote:
> On Mon, 27 Oct 2008, Lucas Nussbaum wrote:
> > On 27/10/08 at 16:40 +0100, Raphael Hertzog wrote:
> > > On Mon, 27 Oct 2008, Lucas Nussbaum wrote:
> > > > > - this process might be too heavy with fine-grained privileges as it would
> > > > > require the intervention of many DD each time we have to grant a right
> > > > > (when trusting the decision of 2 members with special rights would be enough).
> > > >
> > > > That's why I don't think that it's a good idea to play with a lot of
> > > > different privileges. Privileges should be granted when they are
> > > > necessary to do something, and if you are a DD, you should be able to
> > > > easily get any privilege you need to do your work. You are already
> > > > trustworthy, so there's no need to double-check everything you do.
> > >
> > > If I advocate someone based on some perl modules, I trust him to handle
> > > any perl modules reasonnably well but I certainly don't trust him to
> > > package a new library. I do trust some people to refrain from doing stupid
> > > things with their DD powers but that kind of trust comes with much more
> > > time and interaction. It's not the kind of trust that I would give to
> > > anyone that has only proven that he's able to package perl modules. And
> > > yet we want to give that contributor some immediate reward for his work.
> > If someone is only trustable to package perl modules, shouldn't he be a DM
> > instead of a DD?
> We might want him to be able to package new perl modules on his own? Where
> do you draw the line? If you maintain 20 or 50 perl modules?
We could improve DM so that it's possible to say "this DM has the right
to upload any of the packages tagged
perl-module-maintained-by-the-perl-team". New packages would still have
to be sponsored by a DD, though.
| Lucas Nussbaum
| firstname.lastname@example.org http://www.lucas-nussbaum.net/ |
| jabber: email@example.com GPG: 1024D/023B3F4F |