Re: Lucas Nussbaum 2010-09-15 <20100915141740.ga21...@xanadu.blop.info>

> * Establish procedures to evaluate and accept contributors of
> non-packaging work as Debian Developers.
>
> Additionally, the Debian project acknowledges that the current practice of
> providing all Debian Developers with access to project machines, and
> unlimited upload permissions to the Debian archive, does not follow the
> principle of least privilege, and unnecessarily exposes the Debian
> infrastructure and the Debian archive.
>
> Therefore, the Debian project invites the relevant teams to investigate
> technical methods that would permit DDs to restrict their access to Debian
> infrastructure, and their upload access to the Debian archive, when their work
> does not require it. Those technical methods should only be aimed at reducing
> Debian's attack surface, not at limiting DDs' access and upload permissions,
> and DDs should be able to regain unlimited access when their work requires it
> without going through a review of their skills.
This looks overly detailed and too technical. This kind of security hardening should be done independently from the non-packaging contributors idea, if the involved parties (DSA, etc.) feel it is necessary. Please don't include it in a GR, but propose a text that just says "non-packaging DDs are just like normal DDs".

Christoph
-- 
c...@df7cb.de | http://www.df7cb.de/