On 23/07/13 23:36, Iain Lane wrote: > I'm not sure what additional/different quality control would be > necessary. Is your concern that by not being Ubuntu members these folk > don't have skin in the game and therefore might be less careful in > their work in Ubuntu? I think that a necessary component of any > successful application to the DMB should be that the board satisfies > itself of the individual's technical competence and trustworthinesss. > Beyond that, both members and non-members can screw up and we (the > developer community at large) would deal with either in the same way. > Cheers,
Accepted that mistakes happen, and our governance should not aim for a false sense of security. My main thought was that we always want to ensure that there are active forces steering things in the right direction. My concern would be, if a person 'leads' a packageset and gives another person permission to upload, who then drifts away, that we may be vulnerable to a social attack if their keys were compromised. The Forums hack seems to have been exactly this - one admin gave another access years ago, and then that'caused an issue today. Mark
signature.asc
Description: OpenPGP digital signature
-- technical-board mailing list technical-board@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/technical-board
