Lucas Nussbaum <lu...@lucas-nussbaum.net> writes: > If we go for DDs without upload rights, I think that we should be > extremely careful about not transforming this new kind of DDs into > second-class members of the project. A way to do that is to avoid giving > them a name, and emphasize the fact that they are DDs, not another > sub-kind of project members. The "no upload rights" part would just be a > minor technical distinction.
I wholeheartedly second this. I'm one of the people who has previously argued for giving different sets of privileges different names, but after reviewing this thread, I think I was wrong. I don't think we should so that at all. DDs already have widely varying privileges. We have different levels of commit access to various project repositories. Some of us have logins on some systems that others do not. I have sudo access to lintian, for example, which most other DDs do not. Some are DSA members and have root access to many project systems. Some are ftp-master team members and have more direct access to the project archive. There are numerous other examples. Yet we're all currently called DDs. I think unlimited upload access should be simply another one of those sets of permissions that some people have and others don't. Those who need that access to do their work can receive it after appropriate vetting of their ability to use that access appropriately, just as someone would volunteer to join ftp-master, or DSA, or keyring-maint, or the Lintian maintenance team and would, after appropriate vetting, be given additional privileges to do that work. Having or not having additional access should not change the basic DD status. In fact, we should all be striving to follow the principle of least privilege and *not* have access that we don't need and don't use, since unused access is one of the primary vulnerabilities to any sort of organizational security. In the long run, I'd love to see a mechanism whereby someone who was qualified for unlimited upload access but doesn't need it for their current work in Debian could have it turned off, to reduce Debian's attack surface, and then regain it later if the nature of their work in Debian changes. Similarly, along that same vein, could we stop calling it "upload rights" and instead call it "upload access"? "Rights" has connotations (at least to this US English speaker) of citizenship, fundamental rights, and similar ideas, which lead directly to the conception of someone without a "right" as a second-class citizen of Debian. I would much rather think of it as access, just like sudo to a user, membership in some project group, or commit access to some repository is an access control. It's a security and project safety measure following both best practices for access control and a system of qualification to do something with direct impact on other people's work (just like qualification for a driver's license is required since one's operation of a car has a direct impact on other people's use of their cars). Someone without a "right" is someone we think less of; someone without "access" is someone who doesn't need it or who hasn't yet finished the qualification process for it. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87pqwfjvz5....@windlord.stanford.edu
