
Review of personal information sources in Debian



Hello,

I've recently done a review of personal information sources in Debian,
which I'd like to share here both because I don't think this has been
done before, and to check if I missed anything.

These are all the places I can think of, where we store personal
information:

 - LDAP
 - nm.debian.org
 - the Debian keyring
 - alioth.debian.org (for -guest accounts)
 - debian/ directory in packages (control and changelog)
 - mailing list archives

Let's go into details.


 * Mailing lists, packages, alioth

One has total control over the email address used to post to mailing
lists, over their alioth -guest account information, and over what
information is used in debian/control and debian/changelog.

Everything goes as long as uploads are signed with the GPG key of a DD
(or DM), who takes responsibility for what goes in.


 * The OpenPGP key in the Debian keyring

Not much to say here: your key goes in the keyring with whatever
information you put into it, and is publicly exported.

For the key to enter the keyring in the first place, some ID check is
required, generally in the form of having other DDs sign some identities
on your key.

http://keyring.debian.org/ has details on managing it.


 * LDAP

LDAP is the place we turn to for real-life needs, and where we
would like to have real personal information.

A subset of LDAP contents (first/middle/last names, key fingerprint,
irc/jabber/icq contact info if provided) is publicly exported via
db.debian.org, both on the web and over finger.

The real name from LDAP is also exported via the GForge interface in
Alioth: https://alioth.debian.org/users/enrico and via nm.debian.org:
https://nm.debian.org/public/person/enrico


 * nm.debian.org

nm.debian.org is only storing NM related information, and piggybacks on
LDAP for personal information. The idea is that we want to reduce
maintenance costs, so we try to reuse existing information sources.

The site is most notably the authoritative place to know the status of a
person in Debian (DD, DM, ...). It also stores all information related
to changes of status, like advocates, process history and AM history,
which is publicly exported only partially, so that the process log can
be updated freely without worrying about it showing up in internet search
results.

It's partial (DM processes aren't yet tracked, for example) but getting
better. 

Given that it acknowledges someone's status in the project, it lends
itself to be used to credit someone's contributions and reputation. For
example, I find myself using the People search function a lot, combined
with the DDPO and Portfolio links, as well as the changelogs link once
you're logged in.

It has been pointed out, and I agree, that we should not publish real
names except where necessary, so that one can associate their
Debian-related reputation with the online persona they prefer: for
example, one may be known in the general developer community mostly via
a nickname, and would prefer Debian-related search results to also show
up under that nickname.


Did I miss anything in this review? Is everything represented correctly?


Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
