On 15/09/10 at 16:49 +0200, Christoph Berg wrote:
> Re: Lucas Nussbaum 2010-09-15 <20100915141740.ga21...@xanadu.blop.info>
> > * Establish procedures to evaluate and accept contributors of
> >   non-packaging work as Debian Developers.
> >
> > Additionally, the Debian project acknowledges that the current practice of
> > providing all Debian Developers with access to project machines, and
> > unlimited upload permissions to the Debian archive, does not follow the
> > principle of least privilege, and unnecessarily exposes the Debian
> > infrastructure and the Debian archive.
> >
> > Therefore, the Debian project invites the relevant teams to investigate
> > technical methods that would permit DDs to restrict their access to Debian
> > infrastructure, and their upload access to the Debian archive, when their work
> > does not require it. Those technical methods should only be aimed at reducing
> > Debian's attack surface, not at limiting DDs' access and upload permissions,
> > and DDs should be able to regain unlimited access when their work requires it
> > without going through a review of their skills.
>
> This looks overly detailed and too technical. This kind of security
> hardening should be done independently from the non-packaging
> contributors idea, if the involved parties (DSA, etc.) feel it is
> necessary. Please don't include it in a GR, but propose a text that
> just says "non-packaging DDs are just like normal DDs".

After thinking about it some more, I decided that I didn't care that much to propose an amendment on the "non-packaging DDs are just like normal DDs" part myself. If someone else wanted to propose one, I would probably second it, and rank it higher than the modified original proposal, though.

- Lucas