On Sun, 28 Mar 1999, Darren O. Benham wrote: > On Sun, Mar 28, 1999 at 05:21:55PM -0700, Jason Gunthorpe wrote: > > Eh? You can't be a Debian developer without an account on master, if Lars > Sure you can. Lars is.
Ah, let us be a little more clear here. If we move to using a central directory for developers then anyone not in that directory is NOT a developer. In theory the primary pgp/gpg key ring would be generated from entries in the direction, pgp verification of uploads and votes would be done against the directory, login account management and authentication would be done against the directory, etc. If you are a developer now and you don't have an account then you will get one when we have a directory or you will not be a developer. Simple as that. > Sure, but they don't have to be master. There's the other queues that can > be uploaded to.. technically, someone on the web team doesn't even need an > account on va.debian as long as they have a cvs password.. Yes, I am aware of upload queues and CVS.. CVS is difficult to track unfortunately :< The upload queues could be done with a timer like mechanism that I described for the login process.. > > As for remembering passwords, you can always just re-enter the old one I > > suppose. > As long as it's allowed. The last time I had expiring passwords, they > could not be the same. I know that is the default, I think I'd disable that feature though.. We've got enough people now that we have to find some way to identify inactive developers, or at some point we will have 1000 developers with only 200 active and any vote will fail due to an impossible quarum! This is a nice simple mechanism, a developer has to do one of these at least once a year: Login to master/va/faure/etc Upload a package Vote Send a pgp signed email to some address How does that sound? (quite a bit different then simple password aging :>) If a developer does not do the above in a year and a month then their developer status is suspended and they must do some procedure to re-activate their developer status (what this procedure would be is uncertain..). Just before the year mark an automated email could be sent, at the year mark another could be sent and at the year and a month mark an automated mail to -private could be sent (and theoretically all their packages should magically become the property of debian-qa?) Maybe after 2 years or so their information would be dropped from the database and they would have to re-do the new-maintainer process? How is that for some other ideas? [Times and numbers are subject to adjustment of course] Jason
