Hi Nilesh,

On Sun, Oct 16, 2022 at 03:16:11PM +0530, Nilesh Patra wrote:
> 
> IMHO the "risk assessment" for most DDs is already done via NM process.
> Usually people are mindful of when they upload, and do ask others
> for opinions when they do NMUs.

The risk assessment I suggest is for the archive, not for each person
individually.  Simple questions (please let's not discuss answers) such
as:

 - What if a DD gets their keys plus password lost and found or stolen
   by a third party?
 - What if a DD turns so spiteful that harming Debian becomes more
   important than protecting their reputation?
 - What if a hostile upload happens and is undetected for a while?
 - What if a hostile upload happens and is removed before it does harm?
 - What if a hostile upload happens and is blocked even before it
   reaches the mirrors?  Will the world applaud or will our reputation
   be harmed anyway?
 - What is a hostile upload?  Have we thought about all possible cases?

Not all answers to these questions imply that limiting upload rights is
of high importance.  But I think that it is important to take the time
to think about them.

> I can understand. However that is not true for a lot of DDs (including me).
> Many people do need archive-wide privileges. Tobias gave a rather crisp
> reason in their mail.

That is very true.  Upload restrictions come with a cost.  The main
message I would like to pass is that maybe in the course of the development
or maintenance of our infrastructures, that cost will drop.  If it is
easy for those who need to get archive-wide privileges, it is also easy
to start without that privilege as a default.

Have a nice day,

Charles

-- 
Charles Plessy                         Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team         http://www.debian.org/devel/debian-med
Tooting from work,           https://mastodon.technology/@charles_plessy
Tooting from home,                 https://framapiaf.org/@charles_plessy
