Re: "rms-open-letter" choice 3: do not, as the project itself, sign any letter regarding rms

2021-03-28 Thread Gilles Filippini

Bart Martens wrote on 28/03/2021 at 10:40:

On Sat, Mar 27, 2021 at 11:51:40AM +0100, Timo Weingärtner wrote:

Updated text:
---8<---8<---8<---
The Debian Project will not issue a public statement on whether Richard
Stallman should be removed from leadership positions or not.

Any individual (including Debian members) wishing to (co-)sign any of the open
letters on this subject is invited to do this in a personal capacity.
---8<---8<---8<---


Seconded.



Seconded.

_g.





Re: "rms-open-letter" choice 3: do not, as the project itself, sign any letter regarding rms

2021-03-26 Thread Gilles Filippini

Michael Biebl wrote on 26/03/2021 at 18:08:

---8<---8<---8<---
The Debian Project will not issue a public statement on whether Richard
Stallman should be removed from leadership positions or not.

Any individual (including Debian members) wishing to (co-)sign any of 
the open letters in question is invited to do this in person.

---8<---8<---8<---

seconded


Seconded.

_g.





Re: GR: welcome non-packaging contributors as Debian project members

2010-09-14 Thread Gilles Filippini

Hi,

Lucas Nussbaum wrote on 14/09/2010 18:56:
> While I support welcoming non-packaging contributors as project members,
> I am concerned that we are creating the concept of second-class DDs (or
> at least, that it will be communicated like that).
> 
> I see two different ways to avoid that:
> 
> [A] Avoid giving DDs without upload rights any special name or title
> (like "Debian Contributors"). Their official title should be "Debian
> Developers", and they should only be special-cased in the documents
> where the distinction between DDs with upload rights and DDs without
> upload rights is important.
> 
> [B] Give everybody upload rights anyway. If we trust them to influence
> the project's decisions through voting, we should probably trust them to
> do the right thing and not upload packages when they don't feel
> qualified to. After all, I am a DD, I have the technical power to make
> changes to eglibc and upload it, but I should probably not do that. Why
> am I treated differently from DCs in that regard?
> Of course, we have a problem with security, and it's probably not very
> reasonable to have 1000 DDs able to upload every package, and connect to
> every project machine. So I think that we could use this GR to ask DSA,
> DAM and keyring-maint to investigate changes to the Debian
> infrastructure that would mitigate security issues in the case of a
> compromise of a DD's credentials.  Examples, just to illustrate what I'm
> thinking about:
> - create a "limited upload rights mode", where DDs would only be allowed
>   to upload their own packages. Action from the DD, like a login on
>   db.debian.org, would be required to switch to "full upload rights
>   mode", and that mode would auto-expire after a month without any
>   upload.
> - do something similar for access to project machines.
> 
> 
> My own preference is [B] > [A] > [original GR proposal]. But I'd like to
> hear some other opinions before working on a draft amendment for either
> [A] or [B].

I second Lucas' proposal, with the very same preference order.

Thanks,

_gilles.


