[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Membership

On Sat, Mar 14, 2009 at 04:25:21PM +0100, Frans Pop wrote:
> On Saturday 14 March 2009, Micah Anderson wrote:
> > All of this is just fun wingnut ramblings, but I think serves to
> > illustrate that the artificial barrier imposed by the arduous NM
> > process is not that significant of a difficulty for getting inside
> > Debian and we cannot use this as mechanism for making Debian "secure".
> Against a seriously determined and well-funded black hat? No, of course 
> not. I totally agree with that.

Yes, and there are cheaper ways than getting the black hat to become a
full DD: with a thousand of DDs we have a thousand possibly vulnerable
points of entry.  Frankly, if anyone wanted to attack Debian, they'd
have to be remarkably silly to plan to do it through becoming a DD.

...back to the main thread:

> But at the same time I do feel it is an effective barrier against the 
> thousands of "wouldn't it be fun if" black hat wannabes and even against 
> black hats who work without the benefit of a supporting organization.

I completely agree with not making it too easy to enter Debian, purely
from a point of view of Quality Assurance.  It's as simple as saying
that if someone isn't careful with what they do, they should not be
given unsupervised upload rights: it's likely that they'd break things,
and the cost of going and fixing someone's mess is usually higher than
the cost of doing the thing right in the first place.  Mistakes happen,
but their probability should be kept low.

However, we have had and do have several uncontroversially outstanding
and very active people in need of an account, and they should be kicked
*in*, and fast.  As an AM I've seen a few, and inflicting a long NM
process on them is a waste: their skills and passion are better employed
in continuing their good work on Debian.

Ultimately, it boils down to the AM's faculty of judgement.  But if we
change anything, whatever we devise ought to be a barrier for people
who are not good (or not ready) and at the same time must not be in the
way of people who have been and are doing good serious work.

IOW, when you get in the way of poor contributions it's called quality
assurance, but when you get in the way of good contributions it's called
bureaucracy.  It's extremely important to always keep the difference in



GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enrico@debian.org>

Attachment: signature.asc
Description: Digital signature

Reply to: