This one time, at band camp, Steve Langasek said:
> On Fri, Jul 31, 2009 at 04:03:14PM +0200, Joerg Jaspert wrote:
> > Currently we think a good way to do this is to have the applicant be
> > known to multiple Debian Developers who speak up for them to the DAM.
> > The applicant, who should be a long-term contributor already, also needs
> > to be willing to reveal his identity to the DAM, DSA and the
> > at-that-time-acting leader, together with the reason why he wants the
> > synonym to be used. Those mails can, of course, be encrypted to the
> > various persons.
> 
> > That way there can be exceptions but the project still can trace people
> > if they really need it, going through the persons mentioned above.
> 
> Encrypting this information to "the various persons" implies that the
> project itself can lose access to this information if those people all
> become unavailable in the future.  Is the information also stored somewhere
> that DSA (the role, not the people currently in it) will be able to recover
> that information if needed?

DSA currently uses the pws helper application
(http://svn.noreply.org/git/pwstore.git) to encrypt various files to
several gpg keys at the same time.  As people come and go from role
accounts, the files can be reencrypted as need be, so long as one person
can still decrypt it.  While not perfect, it does help to reduce the bus
factor.

This is not to say that we currently have any information for vagrant
stored that way, but I assume that when the time comes, we'll do
something along those lines.

Cheers,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [email protected] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
