[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Draft amendment: Welcome non-packaging contributors as Debian Developers with upload access

Re: Lucas Nussbaum 2010-09-15 <[🔎] 20100915141740.GA21833@xanadu.blop.info>
> * Establish procedures to evaluate and accept contributors of
>   non-packaging work as Debian Developers.
> Additionally, the Debian project acknowledges that the current practice of
> providing all Debian Developers with access to project machines, and
> unlimited upload permissions to the Debian archive, does not follow the
> principle of least privilege, and unnecessarily exposes the Debian
> infrastructure and the Debian archive.
> Therefore, the Debian project invites the relevant teams to investigate
> technical methods that would permit DDs to restrict their access to Debian
> infrastructure, and their upload access to the Debian archive, when their work
> does not require it.  Those technical methods should only be aimed at reducing
> Debian's attack surface, not at limiting DDs' access and upload permissions,
> and DDs should be able to regain unlimited access when their work require it
> without going through a review of their skills.

This looks overly detailed and too technical. This kind of security
hardening should be done independently from the non-packaging
contributors idea, if the involved parties (DSA, etc.) feel it is
necessaary. Please don't include it in a GR, but propose a text that
just says "non-packaging DDs are just like normal DDs".

cb@df7cb.de | http://www.df7cb.de/

Attachment: signature.asc
Description: Digital signature

Reply to: