Anthony Towns <aj@azure.humbug.org.au> writes: > Personally, I think that's the minimum we ought to expect, but IME it's > also a hell of a lot more work than it should be, and it'll require a > chunk of effort from someone to actually make it happen.
This depends on two factors, namely how many transactions there are in total in the various Debian-related accounts and how many of those are Debian-specific. If we are talking about a couple of hundred transactions, it is very doable as a volunteer work. If the number of Debian-specific transactions is in the order of 1000 or more, then it is a very different project (and should be split if it is a volunteer project). > Many of the machines are restricted; so anyone but DSA getting ssh access > to all of them is unlikely; more likely is having the machines report the > interesting statistics to LDAP and being able to query that. Knowing where > machines are hosted, who they're owned by (the original sponsor? SPI? > whoever's hosting them?), who the appropriate contact people are > (replacement parts? hosting? local admin?) are important here. This information is static and is a bit irrelevant from auditing point of view. The purpose of auditing is to make sure that the assets are there and that the governing body has used them wisely. It is entirely possible that somebody replaces a server with a virtual server or simply renames a machine to be identical with another machine. I do agree that we could just start by checking the assets list and maybe doing some trivial ping testing to see that the machines seem to be on the net. -- * Sufficiently advanced magic is indistinguishable from technology (T.P) * * PGP public key available @ http://www.iki.fi/killer * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
