Re: Debian Membership

To: debian-project@lists.debian.org, debian-newmaint@lists.debian.org
Subject: Re: Debian Membership
From: Frans Pop <elendil@planet.nl>
Date: Sat, 14 Mar 2009 18:05:22 +0100
Message-id: <[🔎] 200903141805.34723.elendil@planet.nl>
In-reply-to: <[🔎] 20090314162449.GA22881@enricozini.org>
References: <[🔎] 20090314100358.GQ6307@matthew.ath.cx> <[🔎] 200903141625.31376.elendil@planet.nl> <[🔎] 20090314162449.GA22881@enricozini.org>

On Saturday 14 March 2009, Enrico Zini wrote:
> Yes, and there are cheaper ways than getting the black hat to become a
> full DD: with a thousand of DDs we have a thousand possibly vulnerable
> points of entry.  Frankly, if anyone wanted to attack Debian, they'd
> have to be remarkably silly to plan to do it through becoming a DD.

Somehow my original message has gotten an emphasis that I never put in it.

I have NOT said: we should not change our membership procedures because we 
would get flooded with people with bad intentions.

What I did say is: the current procedure has a relatively high barrier of 
entry which, as a side effect, does help *to some extend* to deter people 
with bad intentions.

My main point was: let's take that aspect into account while we decide on 
a new procedure.

IMO this is an argument against schemes like "3 votes from random DDs and 
you're in", which has been proposed.
Maybe that could be done if we radically change our identification 
requirements. Currently you only have to go to e.g. Fosdem and you can 
get your key signed perfectly anonymously (assuming a reasonably good 
looking fake ID) by 2 (and more) DDs.

> ...back to the main thread:
>
> I completely agree with not making it too easy to enter Debian, purely
> from a point of view of Quality Assurance.

Yes, that is of course the main factor.

> However, we have had and do have several uncontroversially outstanding
> and very active people in need of an account, and they should be kicked
> *in*, and fast.  As an AM I've seen a few, and inflicting a long NM
> process on them is a waste: their skills and passion are better
> employed in continuing their good work on Debian.

Agreed as well, which matches what I've said in earlier mails: there is no 
reason to keep people out if people have shown dedication through 
sustained good quality work. And I also know some of the examples where 
we've failed to let dedicated people in.

> Ultimately, it boils down to the AM's faculty of judgement.  But if we
> change anything, whatever we devise ought to be a barrier for people
> who are not good (or not ready) and at the same time must not be in the
> way of people who have been and are doing good serious work.

I'd like to keep some system where at least at some point a kind of 
consistent review is done, but if an AM makes a strong recommendation 
supported by good arguments to allow someone while him/her having passed 
all formalities, then I'm all for it. Hell, that's exactly the way I got 
in.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Debian Membership
  - From: Matthew Johnson <mjj29@debian.org>
- Re: Debian Membership
  - From: Frans Pop <elendil@planet.nl>
- Re: Debian Membership
  - From: Enrico Zini <enrico@enricozini.org>

Prev by Date: Re: Debian Membership
Next by Date: Re: Debian Membership
Previous by thread: Re: Debian Membership
Next by thread: Re: Debian Membership
Index(es):
- Date
- Thread