On Fri, Apr 17, 2015 at 09:09:01AM +0200, Kurt Roeckx wrote: > On Thu, Apr 16, 2015 at 09:28:34PM -0500, Gunnar Wolf wrote: > > Kurt Roeckx dijo [Fri, Apr 17, 2015 at 12:45:37AM +0200]: > > > On Thu, Apr 16, 2015 at 10:41:52PM +0100, Jonathan McDowell wrote: > > > > > > > > Sadly this list is trivially proved inaccurate > > > > > > So I have no source at all that is can tell me the number of DDs? > > > > You can fetch the number of active DD keys [1,2], and add to it the > > number of removed 1024D keys . When a person who had their key > > removed due to being too short presents a new key, we take the old one > > out of the removed-1024 tree as well. People with 1024D keys cannot > > vote, but don't lose their DD status. > > As far as I know relying on the keyring and ldap has always been > incorrect. The number was always off by a few. I've never quite understood why LDAP isn't accurate, but I couldn't figure out a simple query and even '(&(gidNumber=800)(!(shadowExpire=1))(objeass=debianDeveloper))' gives 988 entries of which some are incorrect. 3 of these have no key: adeodato, flatmax + schizo. flatmax has a lost key. adeodato + schizo are account renames and I'm not sure why the old ones are still around as active. 2 of those with fingerprints are keys that have been moved to emeritus but don't seem to have been cleaned up; they did not have RT tickets so I suspect they got missed and I have already filed an RT ticket for DSA to sort them out. 2 others of those with fingerprints are DDs with lost or revoked keys. The astute will notice that this leaves 981 keys, whereas I counted 983 keys in the keyrings. It turns out there are 2 DDs who have removed 1024 bit keys but who have locked LDAP accounts (issue with SSH key on one, "DSA locked" on the other as comments). Anyway. The 2 things to take away are a) yes, it's depressingly hard to work out how many voting members Debian has and b) the answer is 986 at present. > > Of course, the only authoritative number should be in the hands of > > DAM. But we have something, uh, quite close to it. > > It's was my understanding that DAM says that nm.debian.org is > authoritative. That is the eventual goal but at present various pieces of information are manually updated. Enrico and keyring-maint have been working on making it easier for nm.d.o to track keyring changes but there's still more to be done before this is complete. There's a vague plan to get this done during DebConf if not before. J. -- Revd Jonathan McDowell, ULC | Interesting concept.
Description: Digital signature