On 2025-03-25 12:06, G. Branden Robinson wrote:
2. Will you articulate a policy that no Debian Developer shall occupy more than one delegated role at a time?3. Will you ask any Debian Developers enjoying multiple delegations to resign from all but one of their choice?
I have some concerns about this.It seems like this could just lead to broader delegations. For example, instead of having "General Team" with A, B, C, D, & E, and "Specific Team" with A, B, and C, just drop the "Specific Team". For a partially made-up example, imagine we had system administrators and then separate sub-teams for different subsets (e.g. web sysadmins, email sysadmins). Forcing an "only one delegation" rule here doesn't help anything, as the DPL would just eliminate the sub-teams in favor of one overall team. Where the subteams are used to limit access, this change would thus violate the Principle of Least Privilege.
Additionally, the fact that people are wearing multiple hats probably indicates that was necessary to get the job done. There are 142 person-delegations to 103 persons. [1] Losing the duplicates seems like it would negatively impact the available volunteer time.
[1] https://www.debian.org/intro/organization -- Richard
OpenPGP_signature.asc
Description: OpenPGP digital signature
