On Sat, 2008-10-25 at 09:59 +0200, Stefano Zacchiroli wrote:
> A scenario I want to avoid for example is that newcomers can alter the
> keyring adding tens of "friends". Such a possibility would imply that
> if Debian as a project fails *once* in checking IDs and motivations
> for *a single* newcomer, then that newcomer can screw us badly adding
> a whole lot of people. I presume the range of nasty scenarios
> starting from this one is quite big.

I would like to stress that my proposal says that any changes should be easy to undo. This is especially true for anything that may result in nasty scenarios. I haven't thought about the mechanics of this yet in any particular detail, but there are so many ways in which keyring maintenance could be arranged to achieve the goal of my proposal that I'm not worried it can't be implemented. That doesn't mean I'm adamant on having the keyring be NMUable by any DD.

As an aside, I realize that all of my proposal is written very quickly, and is very short. The length is mostly a good thing. I wanted to get the idea out soon, and to see how the discussion goes. Since the core parts of my proposal seem to be received mostly in a positive manner, I think it's time to start working on a more detailed proposal, and I hope to use the DEP process for it, and gather input from all relevant or interested parties in the project.

I probably won't have time to work on it for a few days, and it might be good to postpone most of it until after lenny is released anyway. However, since Joerg started the discussion, I think it was appropriate to throw the idea out now.

> More generally, the solution to concentration of powers is making sure
> that the same people do not play too many roles in "core" teams
> (ideally, max 1), because that gets rid of "communications to self",
> which are always hidden to the rest of the project.

I think that would be a good idea.