Quoting Ximin Luo (2017-01-05 13:51:00)
> Jonas Smedegaard:
>> Quoting Ximin Luo (2017-01-05 12:53:00)
>>> Pirate Praveen:
>>>> On വ്യാഴം 05 ജനുവരി 2017 04:22 വൈകു, Jérémy Lal wrote:
>>>>> This is great, but is this serious ?
>>>>> Anyone knows what's happening ?
>>>> I'm taking a packaging workshop at College of Engineering Pune .
>>>> This is 4th day of the workshop and many have completed their packages
>>>> and are ready for upload.
>>> Hi, please don't add these people.
>>> People in the alioth group have read-write access to all
>>> I don't think it's right to give this many people, who show up at an
>>> event, this level of access without any other requirement. It is too
>> We do not in this team have any rules for membership that one must
>> first prove her worth by packaging outside of Debian, not that they
>> must use their spare time doing so!
>> I am concerned if people requesting to join are fully aware what it is
>> they join, which is why I asked about that. But I see nothing wrong
>> with approving people we don't know well.
> > We must recognize that we have little security fencing the assets of
> > this team, and treat them accordingly (double-check what you pull, sign
> > changes you make, etc.). Making it harder to join this team does *not*
> > help secure our assets!
> We don't have hard rules, but we all have our ideas about what is
> right or wrong. For you, it is a question of "are they aware". For me,
> I explained it in my other email, and it roughly overlaps with "are
> they aware".
> The security aspect is just one factor, not the main factor.
Ok, you now tell me that security is not the main factor.
I clearly read your previous email as if security was the main factor
for rejecting these requests. For clarity of discussion I shall
*ignore* the security factor.
> But to give more detail, (a) just because we have "little" security,
> doesn't mean we have to make it quantitatively worse, which we will do
> if we add anyone that asks - it adds surface area. And (b) the
> standards of time and continual maintenance that I described
> elsewhere, also indicates that a person is careful about their general
> computing practices, which also helps to not-reduce security -
> compared to giving access to a random person.
Do I understand you correctly that in your opinion the main factor is
devotion to continued mainentance?
If so, then we agree on what is "main factor" - but still we disagree on
how to then deal with it:
It seems Praveen find it reasonable to approve "because they are ready
to upload their packages", and it seems you find that exact situation
reason for rejecting. I find it neither reject nor approve reason.
I welcome into this team any and all persons who feel they are ready to
*maintain* official Debian packages. I find it wrong to impose
restrictions on that, but I want to emphasize _maintain_ - this team is
contribute to Debian in other ways than continuous mainenance).
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private