Hi,
Lucas Nussbaum a écrit , Le 14/09/2010 18:56:
> While I support welcoming non-packaging contributors as project members,
> I am concerned that we are creating the concept of second-class DDs (or
> at least, that it will be communicated like that).
>
> I see two different ways to avoid that:
>
> [A] Avoid giving DDs without upload rights any special name or title
> (like "Debian Contributors"). Their official title should be "Debian
> Developers", and they should only be special-cased in the documents
> where the distinction between DDs with upload rights and DDs without
> upload rights is important.
>
> [B] Give everybody upload rights anyway. If we trust them to influence
> the project's decisions through voting, we should probably trust them to
> do the right thing and not upload packages when they don't feel
> qualified to. After all, I am a DD, I have the technical power to make
> changes to eglibc and upload it, but I should probably not do that. Why
> am I treated differently from DCs in that regard?
> Of course, we have a problem with security, and it's probably not very
> reasonable to have 1000 DDs able to upload every package, and connect to
> every project machine. So I think that we could use this GR to ask DSA,
> DAM and keyring-maint to investigate changes to the Debian
> infrastructure that would mitigate security issues in the case of a
> compromise of a DD's credentials. Examples, just to illustrate what I'm
> thinking about:
> - create a "limited upload rights mode", where DDs would only be allowed
> to upload their own packages. Action from the DD, like a login on
> db.debian.org, would be required to switch to "full upload rights
> mode", and that mode would auto-expire after a month without any
> upload.
> - do something similar for access to project machines.
>
>
> My own preference is [B] > [A] > [original GR proposal]. But I'd like to
> hear some other opinions before working on a draft amendment for either
> [A] or [B].
I second Lucas' proposal, with the very same preference order.
Thanks,
_gilles.
signature.asc
Description: OpenPGP digital signature