[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt 0.6 and how it does *not* solve the problem

On Mon, 23 Aug 2004 09:34, Geoff <geoff.crompton@bjhcontrols.com.au> wrote:
> There is an elaborate system to maintain quality in new Debian
> developers (which seems like a good idea to me). Why not have some sort
> of system for ensuring the quality in continuing DD?
> If a DD didn't meet the criteria they would go into an inactive list,
> and if they stayed in the inactive list for 3 months, would go into the
> retired list, and their gpg keys _somehow_ invalidated. Is it possible
> on a gpg key server to mark a key as invalid, with out access to the
> private key?

Sounds like a reasonable idea.  We can't automatically make the key invalid.  
But we can have a central Debian key that's used to sign the keys of all 
developers.  If such a signature was revoked then it would show the change in 
status of the developer.

Removing developers who don't meet certain criteria (EG no package uploads for 
6 months) from active status makes a lot of sense.  Anyone care to propose a 
GR?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: