On 18.06.26 at 14:31, Otto Kekäläinen wrote:
> Hi,
>
> For me personally, a major reason to trust Debian as my OS stems from
> Debian having in general pretty good security practices, both in
> preventing issues and in having such archives and transparency that
> investigating security failures after they have happened is mostly easy[1].
>
> However, one thing that has worried me for a long time is how access
> control is done on Salsa.
>
> I would like to improve the situation starting from the Go team, and
> thus I want to propose a policy for how team memberships are granted and
> revoked, what levels of access exist inside the team, what avenues exist
> to contribute without formal access, and how we encourage code reviews
> as a way to both onboard new members and keep existing members involved.
>
> Before I post a draft, I wanted to check if others here think alike and
> if having a policy for team membership would be useful?
>
> Or do people dismiss such things as excess "bureaucracy" and think the
> current state of things is just fine, and worrying about potential
> misuse is unfounded?

Hi Otto,

I don't think that the Go team needs a policy for membership. To me, that seems like it raises the barrier for contributions higher.

I guess that the trust in Debian that you've mentioned is probably due to the fact that only selected people are allowed to upload directly (DDs and DMs). All other contributions need to be checked by a DD anyway.

Given that only a few people are currently visibly active in the Go team, I would rather welcome new contributors by letting them join on Salsa immediately. I don't think that new contributors could do much harm, because nothing from Salsa gets uploaded to Debian automatically.

My personal experience is that I've been able to join many teams right away after asking. That feels very nice and welcoming. Also, it simplifies my contributions greatly, because I can work already in the proper namespace of that team.

Regards,
Tobias
