Re: I am still on the keyring. With my old key.
On Wed, 23 Nov 2005 23:01:25 -0800, Thomas Bushnell BSG [EMAIL PROTECTED] wrote:

> Marc Haber [EMAIL PROTECTED] writes:
>
> > According to the reports of another member of the ftp-master team, the situation was cleared up, but Mr. Troup re-enabled the check that breaks dpkg-sig on purpose after not being amused about HE's rant on here.
>
> If this is accurate, it is not reasonable.

Unfortunately, there is no way to verify this for a mere mortal DD since spohr change and work logs are not public and jennifer on the mirror on merkel is half a year out of date. But the report came from the member of ftp-master I trust the most, so I tend to believe it.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber         | Questions are the           | Mail address in header
Mannheim, Germany  | Beginning of Wisdom         | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fon: *49 621 72739834
Re: I am still on the keyring. With my old key.
On Tue, 22 Nov 2005 21:41:21 +0100, Andreas Schuldei [EMAIL PROTECTED] wrote:

> * Marc Haber [EMAIL PROTECTED] [2005-11-21 23:33:48]:
>
> > If the DPL team is actually addressing that issue, it is not doing so transparently.
>
> That was on purpose. we thought that there was something to be learned from threads on public mailinglists that lead nowhere and wanted to try private mail threads that lead nowhere, instead.

What are you trying to do instead? If you might have noticed, we have _just_ _another_ ftpmaster situation _right_ _now_, and from handling of #339686 by a member of the DPL team I don't get the impression that the DPL team actually cares.

In fact, how can the message of "we don't care about security if it's ftpmaster breaking security features" be more official than by the downgrade of that bug to wishlist by a DPL team member?

Greetings
Marc
Re: I am still on the keyring. With my old key.
* Marc Haber [EMAIL PROTECTED] [2005:11:23 11:07 +0100]:

> What are you trying to do instead? If you might have noticed, we have _just_ _another_ ftpmaster situation _right_ _now_, and from handling of #339686 by a member of the DPL team I don't get the impression that the DPL team actually cares.

What bug number did you mean?

> In fact, how can the message of "we don't care about security if it's ftpmaster breaking security features" be more official than by the downgrade of that bug to wishlist by a DPL team member?

What?

-- 
off the chain like a rebellious guanine nucleotide
Re: I am still on the keyring. With my old key.
On Wed, 23 Nov 2005 11:32:19 -0500, Erinn Clark [EMAIL PROTECTED] wrote:

> * Marc Haber [EMAIL PROTECTED] [2005:11:23 11:07 +0100]:
>
> > What are you trying to do instead? If you might have noticed, we have _just_ _another_ ftpmaster situation _right_ _now_, and from handling of #339686 by a member of the DPL team I don't get the impression that the DPL team actually cares.
>
> What bug number did you mean?

Sorry. #340306. I confused these bugs because in the discussion, somebody used #339686 to show that I am doing a job as bad as Mr. Troup.

> > In fact, how can the message of "we don't care about security if it's ftpmaster breaking security features" be more official than by the downgrade of that bug to wishlist by a DPL team member?
>
> What?

See #340306.

Greetings
Marc
Re: I am still on the keyring. With my old key.
On Wed, 23 Nov 2005, Marc Haber wrote:

> Sorry. #340306.

Hmm... wasn't the situation around this bug cleared up in another d-devel thread no more than two or three days ago, and a fix already committed to CVS?

-- 
One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot
Henrique Holschuh
Re: I am still on the keyring. With my old key.
[Henrique de Moraes Holschuh]

> Hmm... wasn't the situation around this bug cleared up in another d-devel thread no more than two or three days ago, and a fix already committed to CVS?

That's what I thought. But the bug is still open. And jvw's reasoning that it is OK for ftp.debian.org to contradict Policy, on the grounds that Policy deals with packages' behavior not with how the archive should behave is still good for a smile.
Re: I am still on the keyring. With my old key.
Marc Haber [EMAIL PROTECTED] wrote:

> What are you trying to do instead? If you might have noticed, we have _just_ _another_ ftpmaster situation _right_ _now_, and from handling of #339686 by a member of the DPL team I don't get the impression that the DPL team actually cares.

(#340306)

> In fact, how can the message of "we don't care about security if it's ftpmaster breaking security features" be more official than by the downgrade of that bug to wishlist by a DPL team member?

Rejecting signed packages is not equivalent to "we don't care about security". You appear to be complaining that a bug that was filed on Tuesday hasn't been fixed on Wednesday. Further, this appears to be a bug that affects a tiny number of people. Expecting it to be prioritised over anything else that people may be working on is insane, and bringing it up in such a hostile manner (not to mention attempting to use it to claim that the DPL team don't care about your particular issue) isn't going to result in it being fixed faster. Instead, it's going to result in people assuming that you're some sort of conspiracy-theory loon.

-- 
Matthew Garrett | [EMAIL PROTECTED]
Re: I am still on the keyring. With my old key.
On Wed, 23 Nov 2005 16:14:47 -0200, Henrique de Moraes Holschuh [EMAIL PROTECTED] wrote:

> On Wed, 23 Nov 2005, Marc Haber wrote:
>
> > Sorry. #340306.
>
> Hmm... wasn't the situation around this bug cleared up in another d-devel thread no more than two or three days ago, and a fix already committed to CVS?

According to the reports of another member of the ftp-master team, the situation was cleared up, but Mr. Troup re-enabled the check that breaks dpkg-sig on purpose after not being amused about HE's rant on here.

And productive jennifer is not accessible anywhere, and it is not the version available from dak CVS.

Greetings
Marc
Re: I am still on the keyring. With my old key.
* Marc Haber [Wed, 23 Nov 2005 18:38:15 +0100]:

> I confused these bugs because in the discussion, somebody used #339686 to show that I am doing a job as bad as Mr. Troup.

    10:18 dato Zugschlus: so. how'd you'd feel if I said that #339686 was a deliberate attempt on your part to consciously drop support of a perfect ok setup, such as shadow-less systems? bugs happen, period.
    10:19 dato in adduser, in mutt, and in ftp-master.debian.org.

I'll let others decide whether that was to show that you're doing a bad job with your packages, or an analogy/whatever.

I can't even be bothered to ask for an apology.

-- 
Adeodato Simó
dato at net.com.org.es
Debian Developer
adeodato at debian.org

Man: Wow, that woman looks exactly the way Nina is going to look in about ten years... Oh shit, it is Nina. Don't tell her what I said, okay?
-- http://www.overheardinnewyork.com/archives/003086.html
Re: I am still on the keyring. With my old key.
Marc Haber [EMAIL PROTECTED] writes:

> What are you trying to do instead? If you might have noticed, we have _just_ _another_ ftpmaster situation _right_ _now_, and from handling of #339686 by a member of the DPL team I don't get the impression that the DPL team actually cares.

I can't understand what you're referring to here. You are perhaps assuming that we all have context you haven't explained?

Bug 339686 was reported with severity important and a patch, and then upgraded to serious by the maintainer, and then closed.
Re: I am still on the keyring. With my old key.
Marc Haber [EMAIL PROTECTED] writes:

> According to the reports of another member of the ftp-master team, the situation was cleared up, but Mr. Troup re-enabled the check that breaks dpkg-sig on purpose after not being amused about HE's rant on here.

If this is accurate, it is not reasonable. If HE went and shot Troup's dog, that wouldn't be an excuse for changing the ftp archive behavior.
Re: I am still on the keyring. With my old key.
On Mon, 21 Nov 2005, Thomas Bushnell BSG wrote:

> Andreas Schuldei [EMAIL PROTECTED] writes:
>
> > i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.
>
> I hope this is true. I really do. However, I have no particular evidence that it is true. Maybe you could explain in more detail?

Get to next debconf and see him actually work with people. No need for words.

--j
Re: I am still on the keyring. With my old key.
* Jaakko Niemi [EMAIL PROTECTED] [2005-11-22 17:12:00]:

> On Mon, 21 Nov 2005, Thomas Bushnell BSG wrote:
>
> > Andreas Schuldei [EMAIL PROTECTED] writes:
> >
> > > i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.
> >
> > I hope this is true. I really do. However, I have no particular evidence that it is true. Maybe you could explain in more detail?
>
> Get to next debconf and see him actually work with people. No need for words.

did i beat someone up when i was watched? did it get caught on film, even? (c:
Re: I am still on the keyring. With my old key.
Scripsit Anand Kumria [EMAIL PROTECTED]

> On Mon, Nov 21, 2005 at 02:18:02AM +0100, Henning Makholm wrote:
>
> > If somebody designs and implements (after a suitable architectural review) some software to support distributed keyring maintenance in a secure, auditable way, it is likely that calls for adding more people to the task would be considered more seriously.
>
> This is an interesting technical position but one that I think is incorrect.

On the contrary, you seem to be focusing on the _easy_ part of the problem (which rules to use when taking the decision). The _hard_ part is to _implement_ the decision in a secure way once the rules determine that the keyring should be updated.

> As I have indicated above, I do not believe the role of keyring-maint is to make *any* decision but to act upon the instructions of other parts of Debian (QA, DAM, tech-ctte, DPL(s), DDs via GR).

The core of the problem is not decision-making.

> Ideally the role of keyring-maint can be usefully performed by a script

Strong disagreement. A function as sensitive and fundamental as maintaining the authoritative _master copy_ of the Debian keyring should not be left entirely to an unattended script. There must be real people in the loop who can monitor the changes for unusual patterns.

> but since the set of entities who could instruct the keyring-maint is large it would probably make sense to have a number of humans fronting that script.

Producing some software that *can* be fronted for by more than one human without introducing unacceptable security risks is the problem I'm pointing to.

-- 
Henning Makholm
*Thanks* for those words. *Now* the Nobel Prize beckons ahead.
Re: I am still on the keyring. With my old key.
On Tue, 22 Nov 2005, Andreas Schuldei wrote:

> > Get to next debconf and see him actually work with people. No need for words.
>
> did i beat someone up when i was watched? did it get caught on film, even? (c:

... where did the evidence go? :)

--j
Re: I am still on the keyring. With my old key.
* Florian Weimer [EMAIL PROTECTED] [2005-11-22 08:52:25]:

> * Andreas Schuldei:
>
> > i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.
>
> Is this the delegation to teams item on http://wiki.debian.org/DPLTeamCurrentIssues? A rather cryptic reference, IMHO.

yes, that was on purpose. there have been mails to/from the teams about delegation and things go slow for various reasons. I updated the above mentioned page to be a *bit* more verbose about this.
Re: I am still on the keyring. With my old key.
* Marc Haber [EMAIL PROTECTED] [2005-11-21 23:33:48]:

> If the DPL team is actually addressing that issue, it is not doing so transparently.

That was on purpose. we thought that there was something to be learned from threads on public mailinglists that lead nowhere and wanted to try private mail threads that lead nowhere, instead. (c:

> Hence, to the mere mortal DD; nothing has changed since Branden's election, which is a real disappointment. At least to me.

Well, the process is not over yet, and has not produced the results we want to see. I too am surprised to see such slow progress. But as i wrote earlier in this thread i did not give up hope yet. After all the involved individuals are sensible persons but busy.

Of course business is not a valid excuse for everything, even for volunteers. If you are too busy to do your volunteer stuff you in fact stopped volunteering some time ago...
Re: I am still on the keyring. With my old key.
* Marc Haber [EMAIL PROTECTED] [2005-11-21 08:55:52]:

> On Sun, 20 Nov 2005 11:29:19 +0100, Petter Reinholdtsen [EMAIL PROTECTED] wrote:
>
> > I seriously hope the non-elected people blocking and slowing down several important processes in Debian soon realize that there is a problem and that it might be best for them to solve it by stepping aside or allowing new people to help them with the tasks.
>
> I have lost _that_ hope like two years ago. It is not the case that these problems with the non-elected people who keep blocking processes are new. No, they have been there even when I joined the project.

i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.
Re: I am still on the keyring. With my old key.
2005/11/21, Henning Makholm [EMAIL PROTECTED]:

> It can be considered bad from a technical viewpoint - as far as I understand the master copy of the keyring is currently on a medium that is under the keyring maintainer's direct physical control. The obvious way of switching to team maintenance of the keyring would entail keeping the master copy in a central machine - for example on a debian.org box somewhere in a colo. Doing that in a way that does not leave the keyring more vulnerable to surreptitious compromise than some reasonable persons might prefer, requires software support that does not currently exist.

Thanks for the clear explanation, I certainly hadn't heard that argument before. My first thought would be to simply create multiple keyrings, one for each keyring maintainer, which are merged on a regular basis. Teaching the archive scripts to look at more than one keyring wouldn't be too hard.

Anyway, surely the acceptance onto the keyring is designated by a signature on that key, not just by its presence in a particular file? How do you ensure the file hasn't been tampered with? Signatures can be revoked, but only by the person who signed it in the first place.

Anyway, my GPG knowledge isn't that great, so I'll leave it at that. Thanks for the info.
Re: I am still on the keyring. With my old key.
On Mon, 21 Nov 2005, Martijn van Oosterhout wrote:

> Anyway, surely the acceptance onto the keyring is designated by a signature on that key, not just by its presence in a particular file?

Yes, it *is* the presence in a particular file.

-- 
Henrique Holschuh
Re: I am still on the keyring. With my old key.
Scripsit Martijn van Oosterhout [EMAIL PROTECTED]

> My first thought would be to simply create multiple keyrings, one for each keyring maintainer, which are merged on a regular basis. Teaching the archive scripts to look at more than one keyring wouldn't be too hard.

That would not solve the most acute problem: That of _removing_ a key quickly if the keyring maintainer who originally added it is temporarily unavailable.

-- 
Henning Makholm
Drop that anti-tank rocket and lie down on the ground, face down!
Re: I am still on the keyring. With my old key.
On Mon, 21 Nov 2005 09:05:02 +0100, Andreas Schuldei [EMAIL PROTECTED] wrote:

> * Marc Haber [EMAIL PROTECTED] [2005-11-21 08:55:52]:
>
> > On Sun, 20 Nov 2005 11:29:19 +0100, Petter Reinholdtsen [EMAIL PROTECTED] wrote:
> >
> > > I seriously hope the non-elected people blocking and slowing down several important processes in Debian soon realize that there is a problem and that it might be best for them to solve it by stepping aside or allowing new people to help them with the tasks.
> >
> > I have lost _that_ hope like two years ago. It is not the case that these problems with the non-elected people who keep blocking processes are new. No, they have been there even when I joined the project.
>
> i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.

If the DPL team is actually addressing that issue, it is not doing so transparently. Hence, to the mere mortal DD; nothing has changed since Branden's election, which is a real disappointment. At least to me.

Greetings
Marc
Re: I am still on the keyring. With my old key.
Hi Henning,

On Mon, Nov 21, 2005 at 02:18:02AM +0100, Henning Makholm wrote:

> Scripsit Martijn van Oosterhout [EMAIL PROTECTED]
>
> > push aside? There's no rule that says there can be only one. Yes, replacing someone could become ugly, but providing additional hands can't be considered bad, can it?
>
> It can be considered bad from a technical viewpoint - as far as I understand the master copy of the keyring is currently on a medium that is under the keyring maintainer's direct physical control. The obvious way of switching to team maintenance of the keyring would entail keeping the master copy in a central machine - for example on a debian.org box somewhere in a colo. Doing that in a way that does not leave the keyring more vulnerable to surreptitious compromise than some reasonable persons might prefer, requires software support that does not currently exist.
>
> If somebody designs and implements (after a suitable architectural review) some software to support distributed keyring maintenance in a secure, auditable way, it is likely that calls for adding more people to the task would be considered more seriously.

This is an interesting technical position but one that I think is incorrect.

The [EMAIL PROTECTED] is to add, update and remove keys in the keyring.

Generally both the add and remove functions should be done after being directed to -- either via a GR or from the Debian Account Maintainers (DAM)s, or in the case of removal once a developer has resigned -- not on their own accord.

This leaves the update function, which has a number of components:

- update the signature set of existing keys (simple)

  Poll the various public keyservers for each key existing on the keyring.

- migrate a developer from current to emeritus and vice versa (medium)

  I would assume that this also occurs upon the instructions of some other entity, either QA, the developer themself, via GR, etc.

- replace an existing (compromised, lost) key with a new one (hard)

  This seems to be the problematic function. This is hard because the solution isn't just technical (like the first), nor social (like the second) but a combination of them both.

  One solution might be:

  - require the developer to generate a new key
  - require the developer to have _at least_ N number of other, existing developers sign their key
  - once the developer submits their new key, the keyring-maint can select M of the N signatures from existing developers and ask them to further assure keyring-maint that the developer in question is who they say they are.
  - once that check passes, update the keyring.

  I would suggest that M be 2 and N be 3.

> > Anyway, ISTM that removing keys from a keyring is much more important than adding new ones, right?
>
> It is also more difficult to implement in a secure distributed way. Anybody can think up a scheme for using gpg signatures to prevent keys from being added without authorisation in the first place. Making sure that a removed key stays removed is a more complex question - particularly if emergency powers-to-remove just get kludged onto the existing system as an afterthought.

As I have indicated above, I do not believe the role of keyring-maint is to make *any* decision but to act upon the instructions of other parts of Debian (QA, DAM, tech-ctte, DPL(s), DDs via GR).

Ideally the role of keyring-maint can be usefully performed by a script but since the set of entities who could instruct the keyring-maint is large it would probably make sense to have a number of humans fronting that script.

Cheers,
Anand

-- 
`When any government, or any church for that matter, undertakes to say to its subjects, This you may not read, this you must not see, this you are forbidden to know, the end result is tyranny and oppression no matter how holy the motives' -- Robert A Heinlein, If this goes on --
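The replacement procedure proposed in the message above, written out as an added example (not code from the thread or from Debian's keyring tooling). It assumes signatures were already verified with gpg, so each one is represented by its signer's fingerprint, and it assumes that self-signatures and signatures made by the key being replaced do not count toward N; all function names and fingerprints are hypothetical.

```python
import random

N_REQUIRED = 3    # N in the proposal: signatures needed from existing developers
M_CHALLENGED = 2  # M in the proposal: signers keyring-maint asks to confirm


def eligible_signers(keyring, old_fpr, new_fpr, signer_fprs):
    """Return the distinct signers of the new key that count toward N.

    Assumption: every signature was already verified cryptographically,
    so signer_fprs holds the fingerprints of the keys that made them.
    """
    eligible = set()
    for fpr in signer_fprs:
        if fpr == new_fpr:
            continue  # a self-signature says nothing about identity
        if fpr == old_fpr:
            continue  # the lost or compromised key cannot vouch (assumption)
        if fpr not in keyring:
            continue  # only existing developers count
        eligible.add(fpr)  # a set, so duplicate signatures count once
    return eligible


def pick_challengers(eligible, rng=None):
    """Choose the M signers to contact; the applicant does not get to pick."""
    if len(eligible) < N_REQUIRED:
        raise ValueError(
            f"need {N_REQUIRED} signatures from existing developers, "
            f"got {len(eligible)}"
        )
    rng = rng or random.SystemRandom()
    return set(rng.sample(sorted(eligible), M_CHALLENGED))


def apply_replacement(keyring, old_fpr, new_fpr, challengers, confirmations):
    """Return the updated keyring once every challenger has confirmed.

    confirmations maps a challenger's fingerprint to True/False, as
    collected by keyring-maint out of band. A missing answer counts as no.
    """
    missing = sorted(c for c in challengers if confirmations.get(c) is not True)
    if missing:
        raise PermissionError(f"not confirmed by: {', '.join(missing)}")
    return (set(keyring) - {old_fpr}) | {new_fpr}


# Constructed sample data: short placeholder fingerprints.
KEYRING = {"DEV-A", "DEV-B", "DEV-C", "DEV-D", "OLD-KEY"}

if __name__ == "__main__":
    signers = ["DEV-A", "DEV-B", "OLD-KEY", "NEW-KEY", "DEV-C", "DEV-A"]
    ok = eligible_signers(KEYRING, "OLD-KEY", "NEW-KEY", signers)
    asked = pick_challengers(ok)
    answers = {fpr: True for fpr in asked}
    print(sorted(apply_replacement(KEYRING, "OLD-KEY", "NEW-KEY", asked, answers)))
```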
Re: I am still on the keyring. With my old key.
[Anand Kumria]

> - require the developer to generate a new key
> - require the developer to have _at least_ N number of other, existing developers sign their key
> - once the developer submits their new key, the keyring-maint can select M of the N signatures from existing developers and ask them to further assure keyring-maint that the developer in question is who they say they are.
> - once that check passes, update the keyring.
>
> I would suggest that M be 2 and N be 3.

In the 8 years I've been using Debian, I've met, in real life, exactly one developer (and I think 2 former developers). At that rate, were I a developer and needed to revoke/reissue a gpg key, it would take approximately 24 years to accumulate enough signatures to do so. So N=3 sounds high, to me.

OTOH, complaints about the keyring maintainer being slow would probably go away, since a 2-month turnaround time is pretty negligible compared to 24 years.

(My point isn't really the 24 years, it's that some of us aren't geographically situated to get 3 developer signatures as quickly as you probably think.)
Re: I am still on the keyring. With my old key.
Andreas Schuldei [EMAIL PROTECTED] writes:

> i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.

I hope this is true. I really do. However, I have no particular evidence that it is true. Maybe you could explain in more detail?
Re: I am still on the keyring. With my old key.
* Andreas Schuldei:

> i have not given up that hope yet and i invest a considerable amount of time working on this issue as part of my work on the DPL-Team. others there do so, too.

Is this the delegation to teams item on http://wiki.debian.org/DPLTeamCurrentIssues? A rather cryptic reference, IMHO.
Re: I am still on the keyring. With my old key.
[Nathanael Nerode]

> It's a pity the DPL hasn't anointed a less-busy person with authority to alter the keyring.

I suspect and hope the DPL try to reason with the people in question first, before the DPL wields his authority and push the current holder of privileged positions aside, as a power struggle with the overworked people in these privileged key positions could become ugly. Do you really want the DPL to push the keyring maintainer aside and give the task to someone else? Do you believe it would work, with the ftp-masters and the Debian system administrators on both sides of such conflict?

I seriously hope the non-elected people blocking and slowing down several important processes in Debian soon realize that there is a problem and that it might be best for them to solve it by stepping aside or allowing new people to help them with the tasks.
Re: I am still on the keyring. With my old key.
2005/11/20, Petter Reinholdtsen [EMAIL PROTECTED]:

> I suspect and hope the DPL try to reason with the people in question first, before the DPL wields his authority and push the current holder of privileged positions aside, as a power struggle with the overworked people in these privileged key positions could become ugly. Do you really want the DPL to push the keyring maintainer aside and give the task to someone else? Do you believe it would work, with the ftp-masters and the Debian system administrators on both sides of such conflict?

push aside? There's no rule that says there can be only one. Yes, replacing someone could become ugly, but providing additional hands can't be considered bad, can it?

Anyway, ISTM that removing keys from a keyring is much more important than adding new ones, right?

> I seriously hope the non-elected people blocking and slowing down several important processes in Debian soon realize that there is a problem and that it might be best for them to solve it by stepping aside or allowing new people to help them with the tasks.

I hope there is more going on in the background that we are not seeing...
Re: I am still on the keyring. With my old key.
Chip Salzenberg [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> Who does a developer have to fuck around here to get his key deleted?

I'm not sure your resignation was valid. Most important debian mechanisms require a signature from a key in the keyring. It is hard for anybody to verify that you really are the developer named chip salzenberg without having the relevant post signed. If nothing else the resignation should have been signed by the new key.
Re: I am still on the keyring. With my old key.
Chip Salzenberg [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> Who does a developer have to fuck around here to get his key deleted?
> --
> Chip Salzenberg [EMAIL PROTECTED]

Wait. Ignore my previous post. I had forgotten that the resignation post was indeed signed.

It might however be the case that your key will not be removed until the new key makes it into the keyring.
Re: I am still on the keyring. With my old key.
Scripsit Martijn van Oosterhout [EMAIL PROTECTED]

> push aside? There's no rule that says there can be only one. Yes, replacing someone could become ugly, but providing additional hands can't be considered bad, can it?

It can be considered bad from a technical viewpoint - as far as I understand the master copy of the keyring is currently on a medium that is under the keyring maintainer's direct physical control. The obvious way of switching to team maintenance of the keyring would entail keeping the master copy in a central machine - for example on a debian.org box somewhere in a colo. Doing that in a way that does not leave the keyring more vulnerable to surreptitious compromise than some reasonable persons might prefer, requires software support that does not currently exist.

If somebody designs and implements (after a suitable architectural review) some software to support distributed keyring maintenance in a secure, auditable way, it is likely that calls for adding more people to the task would be considered more seriously.

> Anyway, ISTM that removing keys from a keyring is much more important than adding new ones, right?

It is also more difficult to implement in a secure distributed way. Anybody can think up a scheme for using gpg signatures to prevent keys from being added without authorisation in the first place. Making sure that a removed key stays removed is a more complex question - particularly if emergency powers-to-remove just get kludged onto the existing system as an afterthought.

-- 
Henning Makholm
Panic. Alarm. Incredulity. *Thing* has not enough legs. Topple walk. Fall over not. Why why why? What *is* it?
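The removal problem raised above, and in the reply to the multiple-keyrings idea, as an added example (not from the thread or from Debian's tooling): a plain union of per-maintainer keyrings cannot drop a key while any one ring still lists it, whereas a shared removal log that overrides every ring keeps a removed key out. The removal log is one possible approach assumed here, not something the thread proposes; maintainer names and fingerprints are constructed.

```python
def naive_merge(rings):
    """Union of the per-maintainer keyrings (the multiple-keyrings idea)."""
    merged = set()
    for ring in rings.values():
        merged |= ring
    return merged


def valid_removals(removal_log, maintainers):
    """Fingerprints removed by a recognised maintainer.

    Each log entry is (fingerprint, removed_by). Any maintainer may remove
    any key, whoever added it; entries from anyone else are ignored.
    Assumption: entries were authenticated (e.g. signed) before they got here.
    """
    return {fpr for fpr, who in removal_log if who in maintainers}


def merge_with_removals(rings, removal_log):
    """Union of the rings minus everything in the removal log.

    Removal wins over presence in any ring, so a stale or restored copy of
    one maintainer's ring cannot bring a removed key back.
    """
    return naive_merge(rings) - valid_removals(removal_log, set(rings))


def resurrection_attempts(rings, removal_log):
    """Removed keys that some ring still carries, for a human to review."""
    removed = valid_removals(removal_log, set(rings))
    return {
        fpr: sorted(m for m, ring in rings.items() if fpr in ring)
        for fpr in sorted(removed)
        if any(fpr in ring for ring in rings.values())
    }


# Constructed sample: maint_a added KEY-2 and is unavailable; maint_b must
# remove it. "mallory" is not a maintainer and tries to remove KEY-1.
RINGS = {"maint_a": {"KEY-1", "KEY-2"}, "maint_b": {"KEY-3"}}
REMOVAL_LOG = [("KEY-2", "maint_b"), ("KEY-1", "mallory")]

if __name__ == "__main__":
    print("union only:      ", sorted(naive_merge(RINGS)))
    print("with removal log:", sorted(merge_with_removals(RINGS, REMOVAL_LOG)))
    print("still listed in: ", resurrection_attempts(RINGS, REMOVAL_LOG))
```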
Re: I am still on the keyring. With my old key.
Henning Makholm [EMAIL PROTECTED] writes:

> If somebody designs and implements (after a suitable architectural review) some software to support distributed keyring maintenance in a secure, auditable way, it is likely that calls for adding more people to the task would be considered more seriously.

If it is true that we cannot have more than one person do the job of keyring maintenance, then it is extremely important for that one person to be extremely good at rapid turnaround, responding to questions, and helping other developers out.

There is a common perception that the current keyring maintainer does not possess these particular skills.
Re: I am still on the keyring. With my old key.
On Sun, 20 Nov 2005 11:29:19 +0100, Petter Reinholdtsen [EMAIL PROTECTED] wrote:

> I seriously hope the non-elected people blocking and slowing down several important processes in Debian soon realize that there is a problem and that it might be best for them to solve it by stepping aside or allowing new people to help them with the tasks.

I have lost _that_ hope like two years ago. It is not the case that these problems with the non-elected people who keep blocking processes are new. No, they have been there even when I joined the project.

Greetings
Marc
Re: I am still on the keyring. With my old key.
On 15:34 Fri 18 Nov 2005, Chip Salzenberg wrote:

> Who does a developer have to fuck around here to get his key deleted?

That's the way it is.

-- 
David Moreno Garza [EMAIL PROTECTED] | http://www.damog.net/
[EMAIL PROTECTED] | GPG: C671257D
When I was born, the earth shook.
Re: I am still on the keyring. With my old key.
Chip Salzenberg wrote:

> Who does a developer have to fuck around here to get his key deleted?

Same one he has to fuck to get a new key added, presumably.

It's a pity the DPL hasn't anointed a less-busy person with authority to alter the keyring.

-- 
ksig --random|