This one time, at band camp, Michael Gilbert said: > Based on discussion about making mentors official, one of the key > requirements is contributor DMUP agreement and upload authentication. > > One thought I had recently was to move the file hosting functionality > over to alioth, which already has the necessary authentication > infrastructure. The process from a contributors perspective then > would be something like:
I think that there are two main problems with this idea: First, alioth, while having an infrastructure for ssh keys, doesn't know anything about gpg keyrings and signed packages and so on, so all of that work still has to be done (and this is the hard bit - distributing ssh public keys is easy). Second, I think requiring all contributors on alioth to sign the DMUP is a very bad idea. We host some external project like SANE that have no reason to want to sign agreements about their usage of machines they'll never log in to. Even if we did think it was a good idea, account creation is entirely automatic and on demand - we have no way of ensuring people have read and agreed to something beyond adding a click through web page at creation time or something (ick!). So, I think this doesn't sound like a good fit to me, sorry. Cheers, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sg...@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
