Re: Questions for all candidates: decentralization of power
On 19/03/10 at 22:57 +0100, Wouter Verhelst wrote: On Fri, Mar 19, 2010 at 10:36:53PM +0100, Wouter Verhelst wrote: On Fri, Mar 19, 2010 at 06:44:23PM +, Clint Adams wrote: Is there any legitimate reason that wanna-build access should be restricted to any group smaller than the entirety of gid 800 membership? There was. [...snip history...] Of course, this bug has now been fixed: rather than using a libdb-based database, wanna-build is now running off a postgresql database. As such, it might be prudent to investigate whether giving regular developers read-access to that database could be doable (it might be difficult, given that wanna-build runs on a restricted host currently, or it might be simple; this is something for the wanna-build team to look into). But I don't think it's unfair to wait a while until all the issues have been dealt with before thinking about giving the developer body access to the database. It was pointed out to me on IRC by a member of the Debian sysadmin team that this has in fact already happened: buildd.debian.org, aka cimarosa.debian.org, is not a restricted host, and the wanna-build database is not restricted; every DD is able to access the database. Also, the public part (as in: not the security builds, for example) is imported into UDD (wannabuild table). -- | Lucas Nussbaum | lu...@lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lu...@nussbaum.fr GPG: 1024D/023B3F4F | -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100320065537.ga2...@xanadu.blop.info
Re: Questions for all candidates: decentralization of power
On Saturday 20 March 2010, Wouter Verhelst wrote: It is of course reasonable to require that people familiarize themselves with how things are set up before being given access. But beyond that, if they are Debian Developers, getting access to the webwml repository is a no-brainer, AIUI. If I'm mistaken, then please do enlighten me. No, you're not. But IMO it's still a valid reason not to grant access by default, as was suggested. -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201003201310.58958.elen...@planet.nl
Re: Questions for all candidates: decentralization of power
Le Fri, Mar 19, 2010 at 06:44:23PM +, Clint Adams a écrit : I had meant to send three sets of questions on Thursday morning, but things kept coming up, so I will send an unfinished one now. 1) 114 people have commit access to webwml. 2) wanna-build access is restricted 3) An ftpmaster cabal 4) The tech-ctte has the power to appoint its own members. 5) Is there any part of Debian that should be restricted to a small subset of developers, and if so why? Dear Clint, I also think that there are many restricted operations that should be opened. Write access to our website, chosing the priority and section of our pacakges, triggering bin-NMUs, designating new members, inspecting new packages submitted to our archive, … I see two possible reasons to keep some restrictions. a) Social. Just writing that we think that restrictions must be lifted is not enough; we need to be convincing. If a majority of DDs agree to open only a part of the infrastructure, I think that it is better to accept the remainig restrictions, and re-open the discussion in one or two years later when we can show the benefits. b) Security: if one DD account is compromised, some mechanisms can limit the harm caused by intruders. For instance, there could be a temporisation system that delays for a couple of hours the effect of some commands, and I would agree to have a restricted number of persons with the ability to bypass this temporisation, for instance when some critical dysfunctions have to be corrected immediately. Lastly, I think that we need some referees for our technical disagreements, and the technical comittee fits well that role. If I am elected DPL, I will ping its members and ask them if they would like to leave their seat to fresh persons. I do not think that it is a bad thing that the comittee is not elected. Its role is not to proportionaly represent currents of opinion within Debian, but in contrary to make decisions that reflect the Project's consensus. Have a nice week-end, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100320154644.ga2...@kunpuu.plessy.org
Re: Questions for all candidates: decentralization of power
Hi Charles, Am Sa, 20.03.2010, 16:46, schrieb Charles Plessy: Lastly, I think that we need some referees for our technical disagreements, and the technical comittee fits well that role. If I am elected DPL, I will ping its members and ask them if they would like to leave their seat to fresh persons. I do not think that it is a bad thing that the comittee is not elected. Its role is not to proportionaly represent currents of opinion within Debian, but in contrary to make decisions that reflect the Project's consensus. I'm not sure I understand you correctly here. Are you saying that you will -- if elected DPL -- suggest the current members of the technical comittee to step back just for the sake of having new people in their seats? Hauke -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/0b6cda2373208258ed9b32cb0bc9f7ee.squir...@webmail.jhr-online.de
Re: Questions for all candidates: decentralization of power
On Fri, Mar 19, 2010 at 06:44:23PM +, Clint Adams wrote: I had meant to send three sets of questions on Thursday morning, but things kept coming up, so I will send an unfinished one now. Well, thanks anyhow, this is a heck of a question! I start answering by exposing what I think should be the general principle governing our infrastructure, then I'll delve in your specific questions. Let's start thinking at the package maintenance model. Each package has either a single maintainer or a maintenance team; nevertheless all DDs can upload all packages of the archive. In such a potentially anarchic model, it is the sense or responsibility that keeps things going well. While I personally *can* NMU, say, an X.org driver or a Common Lisp library (of both I know very little), I generally don't do that unless I'm sure I know what I'm doing (e.g. I'm fixing some packaging issue which has nothing to do with the specific nature of the package). That model can also be found in VCS (not only Debian's) where a lot of people have commit write access, but each one has only knowledge/duties on specific code areas. (In fact I've been pushing for adopting a similar model for packaging several years ago [1], with not so much success. Nevertheless there are some packages in the archive to whose VCS any DD can commit; a recent wonderful example I've actually used exploited is dctrl-tools, see its README.Debian.) I believe we should adopt such a model in most of our project technical activities. When I my platform I mention that I believe we should diminish strong package ownership, it is this model applied to packaging. Having it applied elsewhere is a worthwhile goal too (mind you, a goal that the DPL alone has not necessarily the powers to achieve, though). [1] http://upsilon.cc/~zack/blog/posts/2007/08/DD_wide_commit_on_alioth/ There are a couple of issues with generalizing this model though. First of all I do not believe it is fully general (see my answer to question (3)). Additionally, if we want this model to spread more, we need ways to counter abuses and we need to be credible in applying them. I stress the latter point because with package maintenance we have a bad track record in dealing with maintainers which do not reply or generally do not maintain their packages properly anymore. Will we be able to counter the equivalent of those problems in other project area? I don't know, but it is worth trying. 1) 114 people have commit access to webwml. Given that version control makes it easy to undo changes, minimizing risk and impact, are there any legitimate reasons why this repository should be restricted to a group any smaller than the whole of gid 800? No. However I surely don't want to see commit/editing battles going prime time on www.debian.org. That website is meant to be our face on the web, it deserves more caution than that. So, while DD-wide commit access write is probably fine, the act of uploading the result of commits should be more conscious. That does not necessarily mean that it should be restricted, but it should be clear that it has an important effect (as much as it is clear the difference between committing to a package VCS and uploading the resulting package to the archive). It has been observed in this thread that one need to know what he/she is doing when committing. Sure, but that is the case also when doing an NMU. The point is giving out responsibilities and make people aware of the results of their actions, eventually blocking them a posteriori. [ Disclaimer: I don't know the technical setup of www.d.o, so I don't know if there is a different between commit time and publish time. Until I fix this ignorance of mine, that would surely block me from committing, for instance :-) ] 2) wanna-build access is restricted to a small number of developers, but there is no uncorrectable damage that can be caused by someone making mistakes. Is there any legitimate reason that wanna-build access should be restricted to any group smaller than the entirety of gid 800 membership? No, not in principle. There might be technical reasons though. Wouter for instance has detailed the technical reason for that to exist in the past. It occurs to me that until the buildd queue guarantee some form of fairness (i.e. all packages eventually get a chance to be built) having lots of DDs scheduling arbitrarily builds can starve certain batches of packages and/or architectures. And in such a case, there will be no single DD to blame: a chaotic set of individual well-meant actions can have a bad effect, and past history shows that just sending out announcements like please don't do X until ... don't work. In case there are technical reasons (i.e. bugs) that block opening up some access restrictions, I believe we should advertise them and then have as high priorities the fix of those bugs. That, however, does not magically make the bug go away. 3) An ftpmaster cabal of times long past
Q for all candidates: license and copyright requirements
Hi all, with 20100124144741.gd13...@kunpuu.plessy.org Charles Plessy came up with a draft GR Simplification of license and copyright requirements for the Debian packages.. I'd like to know from Charles Plessy if the draft from January still reflect his current opinion or if his mind changed. From the other candidates I'd like to know their opinion and plans (if there are any) about license/copyright requirements in Debian. Thanks, Bernd -- Bernd ZeimetzDebian GNU/Linux Developer http://bzed.dehttp://www.debian.org GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79 ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F signature.asc Description: OpenPGP digital signature
Re: Questions for all candidates: decentralization of power
Charles Plessy ple...@debian.org writes: Lastly, I think that we need some referees for our technical disagreements, and the technical comittee fits well that role. If I am elected DPL, I will ping its members and ask them if they would like to leave their seat to fresh persons. I'm a little bit confused about why you would do this. Could you explain more what the motivation would be? -- Russ Allbery (r...@debian.org) http://www.eyrie.org/~eagle/ -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87bpeibyri@windlord.stanford.edu
Re: Questions for all candidates: decentralization of power
Stefano Zacchiroli wrote: [ Disclaimer: I don't know the technical setup of www.d.o, so I don't know if there is a different between commit time and publish time. Until I fix this ignorance of mine, that would surely block me from committing, for instance :-) ] No, there is not. The website is rebuilt (as needed) every 8 hours based on whatever is in CVS at that time. -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201003202022.46903.elen...@planet.nl
Re: Q for all candidates: license and copyright requirements
Le Sat, Mar 20, 2010 at 07:45:30PM +0100, Bernd Zeimetz a écrit : Hi all, with 20100124144741.gd13...@kunpuu.plessy.org Charles Plessy came up with a draft GR Simplification of license and copyright requirements for the Debian packages.. I'd like to know from Charles Plessy if the draft from January still reflect his current opinion or if his mind changed. Dear Bernd, my current opinion is reflected by 20100207153515.ga20...@kunpuu.plessy.org, in which I clarified my proposal according to the first round of comments. In summary: 1) For the reproduction of copyright notices, let's do what law and licenses require from us, and not more. 2) I think that the Debian operating system is defined by the interaction of its binary version and the source files necessary to use, study, modifiy and redistribute it. Non-DFSG-free files that happen to be codistributed with the source of the Debian operating system but have no function at all are not part of the system, and I would like maintainers to be allowed to keep these files in the original upstream material if it simplifies their work. Lastly, I am not sure if I will ask sponsors for this GR, as I wrote: ‘A GR that is accepted by a large majority is not necessarly a waste of time, because it dissipates misunderstantings that can arise with tacite agreements. But yes, there are alternatives, like electing a DPL that supports this change in his platform.’ So I am definitely interested to read the opinion of the other candidates :) Cheers, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100321021728.gd31...@kunpuu.plessy.org
Re: Questions for all candidates: decentralization of power
Le Sat, Mar 20, 2010 at 05:59:35PM +0100, Jan Hauke Rahm a écrit : I'm not sure I understand you correctly here. Are you saying that you will -- if elected DPL -- suggest the current members of the technical comittee to step back just for the sake of having new people in their seats? Le Sat, Mar 20, 2010 at 12:04:33PM -0700, Russ Allbery a écrit : I'm a little bit confused about why you would do this. Could you explain more what the motivation would be? Hi, I think that a good ping email contains an invitation to think about one's involvement in the future. People may forsee a reduction of the time they can give to Debian, or they are increasingly interested in other activities within Debian. Unless we think that nobody else than the current members are qualified for the task, I think that it is useful to remind them that they are free to pass the baton if they wish. I will not propose to the chairman of the technical comittee to rotate a member who has answered to the ping. Have a nice Sunday, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-vote-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100321030437.ge31...@kunpuu.plessy.org