[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Alternate proposal for Declassification of debian-private archives

Anthony Towns <aj@azure.humbug.org.au> writes:

> Huh? As far as conduct guidelines go, there's "give us a gpg key, do you
> know how to use it?", there's "Do you agree to uphold the Social
> Contract and the DFSG in your Debian work?" and there's "Do you accept
> the Debian Machine Usage Policies?" I wouldn't call that extensive by
> any means -- it's certainly no BYU Honor Code. And it only refers to
> your work on Debian; if a Microsoft spy wants to join Debian and poke at
> our internals to see what's going on, that's entirely okay: as long as
> she or he doesn't try hiding bugs within Debian, hiding them at
> Microsoft is still fine.

Okay, maybe extensive is the wrong word.  But what I'm getting at is that
that set of agreements plus the NM process, even though it's not explicit,
has the practical effect of making approved Debian Developers a very
different set of people than the general population.  It doesn't mean that
everyone who becomes a Debian Developer is ethical or trustworthy or any
other specific personal trait, but it does tend to select heavily for
people with a particular set of interests and a particular approach to
community projects.  And you have to go to some work to go through that
screening process and still have a radically different set of personal
priorities than Debian as a project.

I think it's entirely possible that past mail to debian-private has been
sent with the expectation that it will only be read by people who share at
least that degree of similarity of mindset.  I don't expect that it's a
*lot* of mail relative to the whole archive set, but I do think there's
enough of a distinction between the general population there that saying
"well, it wasn't really guaranteed to be private because anyone could join
the project" isn't sufficiently accurate.  The fact of the matter is that
not just anyone can join the project, and (more to the point) not just
anyone *does* join the project.

> More importantly though, those are just our current requirements for
> becoming a developer; in the past they've been much weaker ("send a mail
> to Bruce"), in the future they might be stronger, weaker, or a
> combination ("becoming a developer is easy, but that only gives you
> limited permissions, you'll need to do more before you can NMU the
> kernel or glibc on your own", eg).

Maybe, but for various reasons it would surprise me if it became
substantially easier than it is now, for reasons that you allude to below.

>> Because of that, I'm not convinced by this counter-argument, except
>> possibly for those messages sent to debian-private back when it was far
>> easier to join the project (and even still, I think there was always a
>> weeding factor).

> In '98, when I joined, it was sufficient to send a mail to
> new-maintainer indicating what you planned on doing, that you had a key,
> and that you'd read the social contract, and then had a phone call with
> Joey or James to prove you really existed. My package was the non-free
> distributed-net-pproxy, and my experience was that I'd had a few Debian
> installs (and hey, there's a mail I could point you at... on -private).

> The weeding factors we now have are due to the fact that we don't have a
> good way of absorbing as many new members as we could get. There's a few
> threads on -private that it'd be helpful to refer to to support that
> point too... :-/

Sure.  It used to be easier.  Maybe it will be somewhat easier again.  But
still, that's not the same thing as the general public; back when it was
easier, far fewer people were joining as well.

Please note that I'm not saying this is a persuasive argument against the
proposal.  I still haven't made up my mind.  I just think that the change
in archive policy is a real, substantive change, and diminishing it by
saying that anyone could join the project doesn't really hold water, IMO.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: