[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: question for all candidates

On Thu, Mar 09, 2006 at 01:35:05AM -0800, Don Armstrong wrote:
> On Thu, 09 Mar 2006, Anthony Towns wrote:
> > In the mail to the DPL I mentioned above, James outlined three
> > fairly significant technical changes that could be implemented to
> > make the job easier, and could be done by anyone, without requiring
> > any special priveleges; and also noted why he doesn't believe it's
> > technically feasible to have the keyring maintained by multiple
> > people, and how that could be fixed.
> Could this mail (or the practical upshot of it) be made public?

I'll leaving posting the mail itself to Branden or James if they chose,
since I only had a copy to comment on any wording that wasn't clear.

On Thu, Mar 09, 2006 at 11:47:18AM +0200, Kalle Kivimaa wrote:
> What would these three things be? I might be interested in tackling
> some of them.

So first one was the spam problem, keyring-maint is a well-known address,
and mails that are meant to go to it could be in all sorts of weird
formats. There's already magic debian.org handling that'll drop stuff
without a pseudo-header in the mail (for submit@bugs), or without
a specific tag in the subject which should mostly solve the problem,
which mostly requires working out some tags/headers and making sure all
the appropriate documentation is updated.

The second was to get rt setup to, uh, track requests -- it's waiting
on the first thing (since rt sends auto-replies, and auto-replies to
spam is bad, mmmkay), and possibly also lacks a debian.org machine that can
be its host.

The third thing was to develop some new scripts to manage
debian-keyring.gpg in a more componentised manner -- rather than
one huge blob, have many small files that are independently auditable
(this is the key for "blah@debian.org", it's authorised because it came
via grmbl@debian.org after blah lost their key in a tragic accident
involving a watermelon, it's signed by foo and bar...). The scripts
to manage all this have to be simple, obviously correct and secure,
and also fast enough to be usable.

Apparently there's been some mention of this on -private; I'm not
sure when.


Attachment: signature.asc
Description: Digital signature

Reply to: