Hello, I've recently done a review of personal information sources in Debian, which I'd like to share here both because I don't think this has been done before, and to check if I missed anything. These are all the places I can think of, where we store personal information: - LDAP - nm.debian.org - the Debian keyring - alioth.debian.org (for -guest accounts) - debian/ directory in packages (control and changelog) - mailing list archives Let's go into details. * Mailing lists, packages, alioth One has total control over the email address used to post to mailing lists, over their alioth -guest account information, and over what information is used in debian/control and debian/changelog. Everything goes as long as uploads are signed with the GPG key of a DD (or DM), who takes responsibility for what goes in. * The OpenPGP key in the Debian keyring Not much to say here: your key goes in the keyring with whatever information you put into it, and is publicly exported. For the key to enter the keyring in the first place, some ID check is required, generally in the form of having other DDs sign some identities on your key. http://keyring.debian.org/ has details on managing it. * LDAP LDAP is the place where we turn to for real life needs, and where we would like to have real personal information. A subset of LDAP contents (first/middle/last names, key fingerprint, irc/jabber/icq contact info if provided) are publicly exported via db.debian.org, both on the web and over finger. The real name from LDAP is also exported via the GForge interface in Alioth: https://alioth.debian.org/users/enrico and via nm.debian.org: https://nm.debian.org/public/person/enrico * nm.debian.org nm.debian.org is only storing NM related information, and piggybacks on LDAP for personal information. The idea is that we want to reduce maintenance costs, so we try to reuse existing information sources. The site is most notably the authoritative place to know the status of a person in Debian (DD, DM, ...). It also stores all information related to changes of status, like advocates, process history and AM history, which is publicly exported only partially, so that the process log can be updated freely without worrying of it showing up in internet search results. It's partial (DM processes aren't yet tracked, for example) but getting better. Given that it acknowledges someone's status in the project, it lends itself to be used to credit someone's contributions and reputation. For example, I find myself using the People search function a lot, combined with the DDPO and Portfolio links, as well as the changelogs link once you're logged in. It has been pointed out, and I agree, that we should not publish real names unless where necessary, so that one can associate their Debian-related reputation with the online persona they prefer: for example, one may be known in the general developer community mostly via a nickname, and would prefer Debian-related search results to also show up under that nickname. Did I miss anything in this review? Is everything represented correctly? Ciao, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: Digital signature