
Re: Draft amendment: Welcome non-packaging contributors as Debian Developers with upload access



On 15/09/10 at 16:49 +0200, Christoph Berg wrote:
> Re: Lucas Nussbaum 2010-09-15 <20100915141740.GA21833@xanadu.blop.info>
> > * Establish procedures to evaluate and accept contributors of
> >   non-packaging work as Debian Developers.
> > 
> > Additionally, the Debian project acknowledges that the current practice of
> > providing all Debian Developers with access to project machines, and
> > unlimited upload permissions to the Debian archive, does not follow the
> > principle of least privilege, and unnecessarily exposes the Debian
> > infrastructure and the Debian archive.
> > 
> > Therefore, the Debian project invites the relevant teams to investigate
> > technical methods that would permit DDs to restrict their access to Debian
> > infrastructure, and their upload access to the Debian archive, when their work
> > does not require it.  Those technical methods should only be aimed at reducing
> > Debian's attack surface, not at limiting DDs' access and upload permissions,
> > and DDs should be able to regain unlimited access when their work requires it
> > without going through a review of their skills.
> 
> This looks overly detailed and too technical. This kind of security
> hardening should be done independently from the non-packaging
> contributors idea, if the involved parties (DSA, etc.) feel it is
> necessary. Please don't include it in a GR, but propose a text that
> just says "non-packaging DDs are just like normal DDs".

After thinking about it some more, I decided that I didn't care that
much to propose an amendment on the "non-packaging DDs are just like
normal DDs" part myself. If someone else wanted to propose one, I would
probably second it, and rank it higher than the modified original
proposal, though.

- Lucas

