Re: Request to Mini DebConf Montreal Organizers: Fight Israel not the DC20 Team

[Matthew Vernon]

Sam Hartman  writes:

> I think the easiest way for you to do that is to withdraw your budget
> request and for you to do the conference logistics on your own.  In
> effect, accept the idea that putting this too close to Debian puts the
> project in an awkward position and  remove that.  If we force you, it is
> inherently distancing.  If you do it on your own, it can be
> constructive.

I don't think this is the right thing to ask the Montreal organisers to
do to. It's needlessly making work for them. Making them do extra work
does not support DC20. People can choose to attend both Montreal and
Debconf. 

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Re: Some thoughts about Diversity and the CoC

[Matthew Vernon]

Gerardo Ballabio  writes:

> I had thought that there was room for a dissenting opinion, but
> clearly there isn't.

You can think what you like - the requirement is that you treat people
in Debian with respect, which means (in this case) that if you use
pronouns to refer to them, you endeavour to use their preferred
pronouns.

The CoC is about behaviour.

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Re: Censorship in Debian

[Matthew Vernon]

Miles Fidelman  writes:

> On 1/10/19 5:28 PM, Matthew Vernon wrote:
>>
>> ...which is why, of course, the Debian project has said that we won't
>> accept racist/sexist/homophobic/etc language in our spaces, because we
>> want a broad range of people to feel welcome in our community. I don't
>> get to decide what is offensive to women[0], I get to listen to women
>> and believe them.
>
>
> It's one thing to have some social norms, and jump on people who go
> way over the top.  It's quite another to have star-chamber like
> censorship & banning.  And even more for you (a male) to take action
> on their behalf.  It seems to be awfully arbitrary to listen to (some)
> women's complaints about offensive language, while not listening to
> other women's complaints about "white knight" behavior.

A couple of things (which might as well have come after the following
paragraph, but I'm trying to keep this concise):

i) you appear to be arguing that as a man I shouldn't speak out on
feminist topics, shouldn't take action on behalf of women. This line of
argument was run when we had the weboob argument, and Miry commented on
why she doesn't often join in such arguments[0] - from which it's clear
that "no woman has complained about this particular thing" doesn't mean
that thing is inoffensive. The geek feminism wiki has an article on this
subject: 
http://geekfeminism.wikia.com/wiki/Not_a_woman

ii) "White Knighting" has a specific meaning in this context, which I
don't think you mean to accuse me of?
http://geekfeminism.wikia.com/wiki/White_knighting

Regards,

Matthew

[0] https://lists.debian.org/debian-devel/2018/07/msg00364.html
-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Re: Censorship in Debian

[Matthew Vernon]

Miles Fidelman  writes:

> At the risk of repeating myself: I'm a firm believer in applying
> Postel's law to email discussions - "be conservative in what you do,
> be liberal in what you accept from others." Personally, I try to
> observe both parts of it, but I see more and more people doing just
> the opposite, and, if anything, leaning toward taking so much offense,
> at so much, as to be offensive for that.

The effect of this maxim is that if you're someone who isn't on the
receiving end of a lot of bad language or behaviour (because, for
example, you are a white male), then it's easy to say "Oh, I don't mind
what people say about me, so no-one else should mind either". You're
speaking from a position of relatively high social position. When you
say that to someone who is often on the receiving end of abuse (because
they're queer, or black, or trans, or a woman), you're saying in effect
"if you want to stick around here, you'll have to accept the
racist/sexist/homophobic things people say to you - otherwise you're not
being liberal in what you accept".

...which is why, of course, the Debian project has said that we won't
accept racist/sexist/homophobic/etc language in our spaces, because we
want a broad range of people to feel welcome in our community. I don't
get to decide what is offensive to women[0], I get to listen to women
and believe them. And I should then help ensure that language that is
offensive to women isn't used in Debian - it's not fair on women to have
to justify Every. Single. Time. why particular language is offensive or
offputting to women.

Regards,

Matthew

[0] WLOG to other minorities
-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Re: On having and using a Code of Conduct

[Matthew Vernon]

Jonathan Wiltshire  writes:

> On Fri, Jan 04, 2019 at 11:26:01AM +0000, Matthew Vernon wrote:
>> Ben Hutchings  writes:
>> 
>> > On Thu, 2019-01-03 at 11:26 -0700, Eldon Koyle wrote:
>> >>   5. There doesn't appear to be an appeals process (contact DAM?)
>> > [...]
>> >
>> > There is, since any decision by the DPL or a delegate can be overridden
>> > by General Resolution.
>> 
>> This isn't really an appeals process in the usual sense, though - more a
>> Big Red Button. DAM might like to consider letting the DPL be a point of
>> review/appeal?
>
> Appeals to the DPL wouldn't be compatible with the current version of our
> constitution.

That is sort-of orthogonal to whether they'd be a good idea or not :)

Yes, I see that the constitution specifically prohibits the DPL from
withdrawing the delegation of a particular decision and from over-ruling
delegates. Presumably DAM could say "we will voluntarily refer appeals
to the DPL for their opinion and do as the DPL says", but that might be
too much of subverting the intent of the constitution. I'm not sure we
really want to have people delegated just to review DAM appeals...

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Re: On having and using a Code of Conduct

[Matthew Vernon]

Ben Hutchings  writes:

> On Thu, 2019-01-03 at 11:26 -0700, Eldon Koyle wrote:
>>   5. There doesn't appear to be an appeals process (contact DAM?)
> [...]
>
> There is, since any decision by the DPL or a delegate can be overridden
> by General Resolution.

This isn't really an appeals process in the usual sense, though - more a
Big Red Button. DAM might like to consider letting the DPL be a point of
review/appeal?

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Debian's Code of Conduct, and our technical excellence

[Matthew Vernon]

Hi,

There have a few posts in recent discussions by people suggesting (or, 
at least, appearing to suggest) that there is a conflict between 
technical excellence and our Code of Conduct (or aiming to increase the 
diversity of our membership, or similar).


I think there is no such conflict, and that the idea that there is is in 
itself harmful.


In particular, "X does excellent technical work, so we should turn a 
blind eye when their violate our CoC otherwise the technical excellence 
of the project will suffer" is both wrong and harmful. If we want to 
achieve technical excellence, we will do so by having many talented 
people working together. If we restrict our talent pool to "people who 
are prepared to tolerate a toxic environment", then we are harming that 
goal.


Our Code of Conduct is not an onerous restriction on behaviour, it's a 
tool to help us build the sort of environment in which excellent 
technical people will be able to do their best work.


Regards,

Matthew

Withdrawal of Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Matthew Vernon writes:
 
 > I wish to propose the following general resolution, and hereby call
 > for seconds. I don't think further lengthy discussion of the issues is



I said that if I'd not received enough seconds by today that I would
withdraw this GR proposal. Despite one person emailing me off-list to
urge me to continue, I think it's important to do what I said I would
do, so I hereby withdraw this GR proposal.

Thanks to everyone who commented on this proposal; whilst I didn't
reply to all of your comments by any means, I did read them all.

Regards,

Matthew
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>

iQIVAwUBUycwHBL00hyPamPIAQia3A/+PdsKganGlVTaxh31YbfILhErsKQ2kKjb
9TomVWOo4Iclks+w1LWrFwJSYG4tz07GJFnWi5Syc4tQfFVIzNt4bizBgvGUTjzD
/EI7Q9CLHHjZ7MVQe1GMAXgew3LGsE72EwDfsyn+15ZcMcvZdcpL44tSszG3YTZc
v+TmX7TT5QrMaKsJM+KbkgKgZkFX5RfC4zWeInTprJkqWyeglmMjiZ+1gQFBnQdx
q+XI1ilFeolOh6eaQUWDOdzBdu6yxScQ/cLj9/gDMk9Mp9vM9vg37oZApezn1J+Y
ylgo92qzK+4AqIEWptR+wyc8A9YX0Y03x3qkRAPrT6vzIfuBJyuvvCBv+SZM4pSz
cTEjBYOjNs9LZc8EF3OPxlaqan81E+2jdcgcu9jaoVRSxlREcG7pDKmGp+F7NYXR
dQpSW3VlpSgf6yeL+K2LZVylAG6anXnn/NN67AL0D5Asx/dwIkcixFZ63/8/I2/E
cWiUK7zrWb6cPpejWQUHy6YuIyL5wk3Y1Pv1P62remI2ZRwRHq1My3wMjv02Y7OV
g07p8gVnhLY+TuvjIks+Dnb6LS0MG/JQrNW5A/zAOEk9aXJzuxuK+zIgu7DyVSQm
3UTKHb4Aw6QPtMmetqhdMJIeL3e+kT40t4c4BfBqb4NRWqr6e3S8nAcRNRwWkCa5
MvX50Hu0uvs=
=GgTc
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/21287.12320.587622.129...@aragorn.weathertop.principate.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Hi,

On 10/03/14 08:58, Thibaut Paumard wrote:

> I second the general resolution proposal below:

Thanks; with you and Iustin, I have 3 seconds now; 5 are needed for the
GR to go to a vote.

Regards,

Matthew


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/531da182.30...@debian.org

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Hi,

Thibaut Paumard  writes:

> I am still waiting for your answer to my concerns before I make my mind
> on seconding this GR:
> https://lists.debian.org/debian-project/2014/03/msg00024.html
> 
> The problem, I think, is that the discussion was drawn onto procedural
> technicalities rather than discussing the the actual content of your GR.

I see Ian has just addressed this in -project; I don't feel the need
to expand on what he said.

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5bk3c60zxo@chiark.greenend.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Hi,

Matthew Vernon  writes:

> I wish to propose the following general resolution, and hereby call
> for seconds. I don't think further lengthy discussion of the issues is



This has only had one second. In order to not prolong things
indefinitely, I'll withdraw this GR if it's not got sufficient seconds
by Monday 17th; that's about another week.

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5bpply1gjt@chiark.greenend.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Hi,

Steve Langasek  writes:

> Given the ambiguity about whether this GR vacates the earlier TC decision, I
> think it would be best to simply include in your GR text a statement that
> 
>   The Debian project reaffirms the decision of the TC to make systemd the
>   default init system for jessie.

The reason why I went for stating (twice) that my GR doesn't alter the
TC's choice of init system rather than reaffirming is that there might
be people who are unhappy about the choice but content to live with it
- and I'd like not to cause those people to vote against my GR. So I'd
be happy with changes that made it even clearer that I don't intend
to change the default (though, as I say, my text says so twice
already), but not things that may alienate those who don't want to
sign up to "systemd is great :-)".

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5b4n3f37gk@chiark.greenend.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Tollef Fog Heen  writes:

> ]] Russ Allbery
> 
> > Second, Matthew's proposal explicitly doesn't change the TC decision, so
> > I'm not even sure what you think would be aborted here.  It wouldn't have
> > any effect on the choice of default.  It dictates in a top-down manner to
> > individual developers how to do their work and undermines the flexibility
> > of Debian contributors in ways that I think are unnecessary and a little
> > condescending, and requires work be done without identifying anyone who is
> > going to do the work, which is why I voted against it.  But it's not some
> > sort of end-run around the previous decision.
> 
> The previous decision does say that it is replaced completely by the
> text of such a position statement and I do note that the proposed GR
> does, very carefully, not refer to systemd as the default.  It makes for
> a clumsier construction, which when combined with the level of legal-ish
> arguments being made here, makes me suspicious.

Please don't read anything into the lack of mentioning systemd in my
GR proposal. I in no way intend to undermine their decision that
systemd is the default linux init for jessie. I thought "The TC's
decision on the default init system for Linux in jessie stands
undisturbed." was clear enough.

Regards,

Matthew 

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5ba9d82vwp@chiark.greenend.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Hi,

Kurt Roeckx  writes:

> This might have as affect that the ctte's decision about the
> default is replaced by the result of the GR, and since this GR
> doesn't want to set the default currently it might result in not
> having a decision about the default.

I think given my current text says "The TC's decision on the default
init system for Linux in jessie stands undisturbed." this is an
unlikely outcome.

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5beh2k35v4@chiark.greenend.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Hi,

Stuart Prescott  writes:

> Your rationale does not explain how the normal policy process has failed to 
> deliver the outcomes required by the project. I think the project should 

Sorry about that; I rather thought that the TC failing to rule on the
issue was failing to provide clarity on this important issue.

Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5biorw35xo@chiark.greenend.org.uk

Re: Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

Andreas Barth  writes:

> Thanks for the reference to the auto-nuke clause in the TC decision.
> How about adding something along the lines "To avoid any doubt, this
> decision does not replace the TC resolution" to avoid invoking that
> clause and keep the current decision (because that is also what this
> proposal wants to achive)?

I thought my original text was reasonably clear that it wasn't seeking
to change the default init system for jessie...?
 
Regards,

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5bmwh83655@chiark.greenend.org.uk

Proposal - preserve freedom of choice of init systems

[Matthew Vernon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I wish to propose the following general resolution, and hereby call
for seconds. I don't think further lengthy discussion of the issues is
likely to be productive, and therefore hope we can bring this swiftly
to a vote so that the project can state its mind on this important
issue. The substantive text is that which was drafted for the purposes
of the technical committee's vote (where they decided not to pass a
resolution on the subject).

Regards,

Matthew

** Begin Proposal **

0. Rationale

  Debian has decided (via the technical committee) to change its
  default init system for the next release. The technical committee
  decided not to decide about the question of "coupling" i.e. whether
  other packages in Debian may depend on a particular init system.

  This GR seeks to preserve the freedom of our users now to select an
  init system of their choice, and the project's freedom to select a
  different init system in the future. It will avoid Debian becoming
  accidentally locked in to a particular init system (for example,
  because so much unrelated software has ended up depending on a
  particular init system that the burden of effort required to change
  init system becomes too great). A number of init systems exist, and
  it is clear that there is not yet broad consensus as to what the
  best init system might look like.

  This GR does not make any comment on the relative merits of
  different init systems; the technical committee has decided upon the
  default init system for Linux for jessie.

1. Exercise of the TC's power to set policy

  For jessie and later releases, the TC's power to set technical
  policy (Constitution 6.1.1) is exercised as follows:

2. Loose coupling of init systems

  In general, software may not require a specific init system to be
  pid 1.  The exceptions to this are as follows:

   * alternative init system implementations
   * special-use packages such as managers for init systems
   * cooperating groups of packages intended for use with specific init
 systems

  provided that these are not themselves required by other software
  whose main purpose is not the operation of a specific init system.

  Degraded operation with some init systems is tolerable, so long as
  the degradation is no worse than what the Debian project would
  consider a tolerable (non-RC) bug even if it were affecting all
  users.  So the lack of support for a particular init system does not
  excuse a bug nor reduce its severity; but conversely, nor is a bug
  more serious simply because it is an incompatibility of some software
  with some init system(s).

  Maintainers are encouraged to accept technically sound patches
  to enable improved interoperation with various init systems.

3. Notes and rubric

  This resolution is a Position Statement about Issues of the Day
  (Constitution 4.1.5), triggering the General Resolution override
  clause in the TC's resolution of the 11th of February.

  The TC's decision on the default init system for Linux in jessie
  stands undisturbed.

  However, the TC resolution is altered to add the additional text
  in sections (1) and (2) above.

** End Proposal **
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 

iQIVAwUBUxEfVhL00hyPamPIAQiO5RAArxBpu4ODM98hhqvV2u/KOQxMyWtD3pGf
gUXyf8solvuM0E7MTveLrwjr5NveeL7wSgspoRUdWapGqIYWFclj92tgUs4E3sP8
seuf/2h2CjZDbWEAebZ3jMCmgD+eBSAX5BXVm6sF0pRLrpdHX/qB4Ppvv7LHClc2
qj57MT2iju1WXQO9DvSx9JQCceozJcTxcKRSNr4oXnvRi5gmSKdhpRjzGo0TOsDZ
3etc7W8/nMD2oKplat9pU7ejezU80z35/nnPrx9JgRQrQ+r8pL4pYt2L2N43qM+b
AEaFwrz6lDudoGr6YlFMrm2QWEzeo+tF2/it5+5RrQCXSUAq1B10AU8Bjpo1y0wc
2EjMSDVldQch+n+OlzQt2EvCXxl4dGNHAWWtkmAXISvgNaycRJeogDTwFxfQVRuw
tIeQNSXrBaHU5id4il/LjWc3X8MTmgwlxGM5lOFIac2ozWTi7dJDrg/1YqmngNwt
fXFRsyDbWcosaQQyMsnfO+CTILT8qzTc2W6IRo0hoR8Od5T4ivVD4SvNDd5Xi2eK
+C8Vo6Mbyh89+Fj1yEiNUfKGrEcZCDVopcF/Y5k5x/XIt2+Kc18ELQOn2XZV8PnR
D47rMjs53E7B8gJSwnrTiiKo5NzjOE84ranr7dO6elGG9JPdZ3yOjDEsUeUj6+ko
ucVLwJaLR30=
=J+/m
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/21265.8061.763642.6...@aragorn.weathertop.principate.org.uk

Re: systemd bad press? score card?

[Matthew Vernon]

Joey Hess  writes:

> Russ Allbery wrote:
> > I think we're still in the middle of our process, which I understand
> > that a lot of people outside the project find baffling and protracted. 
> 
> Well, not only outside the project.
> 
> The tech ctte has always operated in the past by coming to a consensus
> and then voting to satisfy the constitution's procedural requirements.

The split in the cttee on this issue makes me wonder whether the
answer is "none of the proposed systems is Correct", so we should not
tie ourselves too tightly to any particular answer just yet. That's
not to say that we shouldn't decide upon a default init system for
jessie, but rather that we shouldn't do anything that would make it
harder to change our init system to the Correct one, once the Correct
one is found/decided upon/written/...

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5bppmt4rhm@chiark.greenend.org.uk

Re: Scientific article on Debian in PNAS

[Matthew Vernon]

Michael Hanke  writes:

> not sure if it has been mentioned somewhere already, but the Proceedings
> of the National Academy of Sciences of the United States of America (aka
> PNAS) has a paper on the evolution of software in Debian.
> 
> http://www.pnas.org/content/early/2011/11/14/1115960108.abstract
> 
> Unfortunately not open-access, but arxiv.org has the PDF

It's particularly bad given you can opt to make PNAS articles
open-access. Ironic to do work on Debian and then choose not to make
the resulting article open access.

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


-- 
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/5bvcpzknmy@chiark.greenend.org.uk

Re: Disputes between developers - content, draft #4

[Matthew Vernon]

Chris Lawrence <[EMAIL PROTECTED]> writes:

> IMHO this is much more likely to be effective if you first get a
> consensus that there is, in fact, a problem that needs to be dealt
> with.  The posts in the other thread suggest you haven't got such an
> agreement.

I think the amount of heat generated in this thread is enough to
suggest that Debian needs to think a little about how its developers
interact with each other.

Matthew 

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org

Christophe Rhodes on hold

[Matthew Vernon]

Hi,

Christophe Rhodes is on hold. In his own words:

The event I was waiting for has resurfaced; I applied to be a
developer (I think) before the big debate on non-free registered,
certainly in my consciousness, and if you don't mind I would like to
see the resolution before going any further; I have no wish to work
for an eviscerated Debian, though I do appreciate the technicality
that non-free is not part of Debian in any case.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org

Re: [nm-admin] Need for scanner to become a maintainer?

[Matthew Vernon]

[EMAIL PROTECTED] writes:
 > Matthew Vernon <[EMAIL PROTECTED]> writes:
 > 
 > > [EMAIL PROTECTED] writes:
 > > 
 > >  > Care should be taken to choose maintainers that recieve their fax on
 > >  > the computer, so it can be used directly without another quality loss
 > >  > by scanning.
 > > 
 > > This means that people without FAX machines can't be application
 > > managers, then?
 > 
 > Why? no. It just means that some application managers need to have a
 > fax capable modem for the few cases where no scanner is available. And
 > if that fails theres allways mail.

Current infrastructure is that one AM takes one applicant. This whole
argument is rather red and herring-like though. As I have said (on
several occasions), requiring ID doesn't gain us anything, is
unnecessary, and some applicants may quite rightly object to it, so we
should remove this requirement.
 
 > 
 > I just think its a good thing for debian to know the realname of each
 > maintainer.
 > 

But we do anyway - when a key is signed, the signing developer sees
some ID that shows that the person has the name that they give on
their key.
 
Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org

[nm-admin] Need for scanner to become a maintainer?

[Matthew Vernon]

[EMAIL PROTECTED] writes:

 > Care should be taken to choose maintainers that recieve their fax on
 > the computer, so it can be used directly without another quality loss
 > by scanning.

This means that people without FAX machines can't be application
managers, then?
 
 > I think it is good that Debian has some legal document for each
 > maintainer. Just in case some legal instance drops in (like the FBI)
 > and wants to shutdown Debian because Maintainer Foo hacked their site,
 > Debian can proof the identity of Foo.

Oh, come on. This is utter FUD.
 
 > It makes people think twice before going through the trouble of
 > becoming maintainer.

Hm. Many good developers (especially crypto types) are pretty paranoid
about this sort of thing. I think saying "lets put arbitary
constraints in the NM-process so we can reduce the number of
pplicants" is a dangerous thing to do - you can't guaruntee to remove
the "lest worthwhile" potential applicants. Sure, the process itself
should (and does) involve a certain amount of screening; but there's a
difference between carefully screening applicants to ensure that the
worthwhile ones get selected, and arbitarily trying to put people off
to reduce our workload.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org

Re: [nm-admin] Identification step in the current scheme (Re: Fe

[Matthew Vernon]

Jim Westveer writes:
 > 
 > On 03-Aug-2000 Matthew Vernon wrote:
 > > Dale Scheetz writes:
 > > 
 > >  > I just can't understand the reluctance to satisfy this requirement 
 > > except
 > >  > that it is viewed by some as being too hard. I cannot, for the life of 
 > > me,
 > > 
 > > You've not been reading my emails then. I don't want random people
 > > having a copy of my passport digitised (worse still, digitised and
 > > signed my me). I know other people who would be unhappy about
 > > this. It's not necessary, so ditch it.
 > 
 > HHH its the copy of the passport idea you do not like.
 
False assertion. 
 


 > It does NOT say "Passport" or "Drivers Licence" or anything of that sort.
 > It simply says "appropriate piece of photo-identification".

So? Passport was mearly a convenient example. Any form of photo-id
that's meaningful I don't want people to have digitised copies of
lying around.

 > I would think that having ones key signed, as important as it might be,
 > is a totally different level of trust than having ones key put in the
 > Debian keyring. 

*boggle* The whole point of keysigning is that you trust this person,
and they should be included in your web of trust - i.e. your keyring.
 
Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

[Matthew Vernon]

Dale Scheetz writes:

 > I just can't understand the reluctance to satisfy this requirement except
 > that it is viewed by some as being too hard. I cannot, for the life of me,

You've not been reading my emails then. I don't want random people
having a copy of my passport digitised (worse still, digitised and
signed my me). I know other people who would be unhappy about
this. It's not necessary, so ditch it.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

[Matthew Vernon]

Dale Scheetz writes:
 > On Wed, 2 Aug 2000, Matthew Vernon wrote:
 > > No. Why should being a debian developer require you to be able to get
 > > hold of a scanner?
 > 
 > Why should we require them to have access to a computer?

Oh come on, be reasonable. That's a non sequitur, and you know
it. They need a computer to keep their key on, build and test packages
on ,etc. etc.
 
 > We don't require this. We do require them to be "competent" enough to be
 > able to crate an image file from a document. Consider this a technical

This is not a competance issue at all. It's a technology issue.

 > performance test. 

It isn't a technical performance test at all.

 > This just doesn't seem to be the onerous task that several have made it
 > out to be. It's just another requirement for becoming a member. Why not
 > just obliterate all the requirements, and make signing up sufficient to
 > membership? We did that at one time, why not now?
 
*sigh* 
 
 > If you can't answer the above questions, you simply haven't been paying
 > attention to the particulars of the problem posed by new maintainers.

I presume the answers are obvious? We need to establish that the
applicant is who their key says they are. We need to establish they
understand and agree with Debian's principles. We need to establish
they are competant to furtil the role they have applied for. We
*don't* need to establish they can get hold of a scanner, nor that
they have a digistised photo they're willing to let us keep hold of.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

[Matthew Vernon]

Dale wrote: 
 > Matthew Vernon wrote:
 > > Therefore, what does it matter that I can't remember the face of the
 > > person whose key I signed six months ago? I am still happy that I saw
 > > good ID, and that if I get mail signed/encrypted with that key that it
 > > comes from that person.
 > > 
 > While your happiness _is_ important, just how does it help the
 > administrators of Debian? I haven't seen his face, nor has the DAM. You

Because you trust me (possibly by many steps removed) to have checked
his identity correctly.

 > are the lucky one who _has_ seen his face, but we know we can not ask you
 > at this point if the face matches the name. We agree that the activity

Why does this matter? We know the face<->name mapping to be correct
now (since it was then, and face-change surgery isn't all that common).

 > actually happened at the same time we agree that we can't re-create the
 > event accurately in memory.

Why does this matter?
 
 > Why? You don't reject the requirement for showing your ID when another
 > individual asks to sign your key. How is showing your picture to the
 > administrative members of Debian any different?

Because it's unnecessary, and because I don't like other people
keeping copies of photos of me lying aroudn (so I accept other people
may not want this to happen to them either).
 
 > What threat do you experience from having an image of your face on record
 > with this group to which you belong? Will you only come to a conference in
 > disquise? Why is one acceptable and the other anathema?

I'm not saying it's anathema. I'm saying that it's unnecessary and
people may object to it - therefore it should not be a requiement to
join Debian.
 
 > This photo isn't about a "web of trust". That requirement is satisfied by
 > the key. The photo is about being able to identify our membership. As your
 > key fingerprint is not required to be barcoded onto your hand, the image
 > of your face is a good alternative.

Why do we need to identify our members' faces? It's not like Debian
know what I look like, or many other developers.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

[Matthew Vernon]

Dale Scheetz writes:

I think that either Dale or myself has misunderstood something here,
since his argument makes little sense from my (albeit limited)
knowledge of how PGP/GPG keysigning works. I've kept the quoted text
below because it seems to me to be the most succinct form of his
argument. To clarify, this argument only applies to people posessing a
key signed by a Debian developer.

AIUI, the purpose of PGP/GPG keysigning is for the signer to say "this
key belongs to the signee, and I have seen ID that satisfies me to
this extent". Typically, it also means "I trust the signee to sign
others' keys".[1]

Therefore, what does it matter that I can't remember the face of the
person whose key I signed six months ago? I am still happy that I saw
good ID, and that if I get mail signed/encrypted with that key that it
comes from that person.

I reject the assertion that Debian needs a photo of the person (so
that we can meet them at the airport???[2]). Debian does not have a
photograph of me, and I intend to keep it that way.

So, given that it is unecessary for our web of trust for the applicant
to provide an image, and that some applicants may be unhappy with
Debian keeping a photograph of them, I conclude that the requirement
for an image file in the case of people with keys signed by a debian
developer should be removed.

Matthew

 > Every applicant must provide an image file of a photograph of themselves,
 > most desired is a passport or a photo ID, signed with their GPG key, in
 > order to identify themselves to the group. This image is archived by the
 > DAM as the record of the "eyeball" portion of the identification.
 > 
 > If the key is already signed by a current Debian member, no further
 > identification is necessary. Otherwise the more complex "handshake" clause
 > is executed.
 > 
 > Having a key that is signed by a Debian member, doesnot constitute
 > "eyeball" contact, as many members have admitted that, although they
 > certainly looked at ID during the keysigning, they are not certain that
 > they can still identify the person by face.
 > 
 > Having the assurance that the keyholder is the applicant (this comes from
 > the signature on their key) coupled with the signed image provided by the
 > applicant closes the eye/hand loop. Neither is sufficient without the
 > other.

[1]There's a red herring argument that "They might have just
downloaded a random public key", but we expect a PGP-signed message
from our applicants, which shows that they have the private key too.
[2]For the humour-impaired, that was sarcasm

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

[Matthew Vernon]

 > The gain is that he presents his face to the group, in a form that we can
 > archive for "our" records, saying, "yes, we have seen this guy". This gain
 > is to the group as well as to the applicant. There is nothing to be gained
 > at this point (and much to put at risk) by presenting a false face.

But... you don't have this information for any of the current
developers, do you?

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [nm-admin] Identification step in the current scheme (Re: Fear the new maintainer process)

[Matthew Vernon]

Dale Scheetz writes:

 > It comes down to: Can you do "normal" things that may be required by the
 > task at hand? Scanning a passport seems to be a reasonable skill to
 > require of incoming members. Isn't it?

No. Why should being a debian developer require you to be able to get
hold of a scanner?

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: [nm-admin] Identification step in the current scheme (Re: Fe

[Matthew Vernon]

 > However, by signing an ID, or the email, I have demonstrated
 > that I do infact, possess that private key.

Well indeed, but I'd expect to get a gpg-signed mail from my applicant
as part of step 2, and I could then check the signature.

Matthew

-- 
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: The proposed GR: catch-22

[Matthew Vernon]

John Goerzen <[EMAIL PROTECTED]> writes:

> But this is wrong too.  People can still run non-free software with
> Debian if they like; as amended, the social contract would still
> explicitly state that, and that we will support people who so choose.

As is being pointed out (at length and with much flamage) on -devel,
your statement is false - by ripping the support infrastructure out
from under users of non-free, we are no longer adequatly supporting
those users.

Matthew

-- 
"At least you know where you are with Microsoft."
"True. I just wish I'd brought a paddle."
http://www.debian.org


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]