[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Alternate proposal for Declassification of debian-private archives

On Thu, Dec 01, 2005 at 07:06:12PM -0800, Russ Allbery wrote:
> Anthony Towns <aj@azure.humbug.org.au> writes:
> > As Matthew pointed out in [0] this expectation of privacy isn't really
> > that strong, fundamentally because -private is open to anyone who joins
> > Debian, and Debian's open to anyone joining it.
> > [0] http://lists.debian.org/debian-vote/2005/11/msg00033.html
> Through the New Maintainer process, which isn't exactly everyone *and*
> which requires that anyone joining agrees to a fairly extensive set of
> conduct guidelines.  

Huh? As far as conduct guidelines go, there's "give us a gpg key, do you
know how to use it?", there's "Do you agree to uphold the Social Contract
and the DFSG in your Debian work?" and there's "Do you accept the Debian
Machine Usage Policies?" I wouldn't call that extensive by any means --
it's certainly no BYU Honor Code. And it only refers to your work on
Debian; if a Microsoft spy wants to join Debian and poke at our internals
to see what's going on, that's entirely okay: as long as she or he doesn't
try hiding bugs within Debian, hiding them at Microsoft is still fine.

More importantly though, those are just our current requirements for
becoming a developer; in the past they've been much weaker ("send a
mail to Bruce"), in the future they might be stronger, weaker, or a
combination ("becoming a developer is easy, but that only gives you
limited permissions, you'll need to do more before you can NMU the kernel
or glibc on your own", eg).

> Because of that, I'm not convinced by this
> counter-argument, except possibly for those messages sent to
> debian-private back when it was far easier to join the project (and even
> still, I think there was always a weeding factor).

In '98, when I joined, it was sufficient to send a mail to new-maintainer
indicating what you planned on doing, that you had a key, and that
you'd read the social contract, and then had a phone call with Joey
or James to prove you really existed. My package was the non-free
distributed-net-pproxy, and my experience was that I'd had a few Debian
installs (and hey, there's a mail I could point you at... on -private).

The weeding factors we now have are due to the fact that we don't have
a good way of absorbing as many new members as we could get. There's
a few threads on -private that it'd be helpful to refer to to support
that point too... :-/


Attachment: signature.asc
Description: Digital signature

Reply to: