
Re: Debian Membership

On Saturday 14 March 2009, Enrico Zini wrote:
> Yes, and there are cheaper ways than getting the black hat to become a
> full DD: with a thousand DDs we have a thousand possibly vulnerable
> points of entry.  Frankly, if anyone wanted to attack Debian, they'd
> have to be remarkably silly to plan to do it through becoming a DD.

Somehow my original message has gotten an emphasis that I never put in it.

I have NOT said: we should not change our membership procedures because we 
would get flooded with people with bad intentions.

What I did say is: the current procedure has a relatively high barrier of 
entry which, as a side effect, does help *to some extent* to deter people 
with bad intentions.

My main point was: let's take that aspect into account while we decide on 
a new procedure.

IMO this is an argument against schemes like "3 votes from random DDs and 
you're in", which has been proposed.
Maybe that could be done if we radically change our identification 
requirements. Currently you only have to go to e.g. Fosdem and you can 
get your key signed perfectly anonymously (assuming a reasonably good 
looking fake ID) by 2 (and more) DDs.

> ...back to the main thread:
> I completely agree with not making it too easy to enter Debian, purely
> from a point of view of Quality Assurance.

Yes, that is of course the main factor.

> However, we have had and do have several uncontroversially outstanding
> and very active people in need of an account, and they should be kicked
> *in*, and fast.  As an AM I've seen a few, and inflicting a long NM
> process on them is a waste: their skills and passion are better
> employed in continuing their good work on Debian.

Agreed as well, which matches what I've said in earlier mails: there is no 
reason to keep people out if people have shown dedication through 
sustained good quality work. And I also know some of the examples where 
we've failed to let dedicated people in.

> Ultimately, it boils down to the AM's faculty of judgement.  But if we
> change anything, whatever we devise ought to be a barrier for people
> who are not good (or not ready) and at the same time must not be in the
> way of people who have been and are doing good serious work.

I'd like to keep some system where at least at some point a kind of 
consistent review is done, but if an AM makes a strong recommendation 
supported by good arguments to allow someone while him/her having passed 
all formalities, then I'm all for it. Hell, that's exactly the way I got 
