Re: Bug#889616: nm.debian.org: please block DM applications until the key requirements are satisfied
On Fri, Feb 16, 2018 at 07:00:41PM +0100, Mattia Rizzolo wrote: > > Let's be clear, the only rejected UID I recall > > recently was someone applying for DM status who had added an @debian.org > > email address to their key which they had no entitlement to. > keyring-maint hat> > > There also was one with an UID with a completely different name from the > others (I don't remember if that one was rejected by you or just frowned > upon but later approved). For the record, I have no problems with pseudonyms. > > At the moment there is no requirement on Front Desk to get involved in a > > process before it's been confirmed that an applicant has an advocate and > > is ready to progress in their application. Your proposal would instead > > require that Front Desk get involved at the start of any process and > > prevent any action until they had done so. That pushes the up front work > > from a large pool of potentials (the advocates) to a small, overworked > > team (Front Desk). > > Well, they already have to, to approve the key. > Yes, this would block the processes until that (quite critical) part of > the process is not cleared. I like the idea that a process collects advocacies and statements of intent before key requirements are satisfied. When a process shows up in the AM dashboard with all requirements satisfied except key signatures, ideally someone from Front Desk can realise that there are indeed people who'd like to have that person become DM, and then try and help getting signatures, like by asking where one lives, if one can move, mailing -private asking for help, and so on. That's the ideal thing. There's the problem that currently there seem to be not enough people in Front Desk to do that. If the latter can be solved, that'd be wonderful. If Front Desk cannot easily be restaffed, I'd reevaluate the big picture of how to enter Debian in view of that. Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini signature.asc Description: PGP signature
Re: Bug#889616: nm.debian.org: please block DM applications until the key requirements are satisfied
On 05.02.2018 00:48, Mattia Rizzolo wrote: > ¹ as the process will then have to be restart if wanted, and previous > advocacies will have to either be re-made (i.e. bother the advocate > again) or some nm.d.o admin will need to carry it over to the new > process (not going to happen), or an FD need to manually approve the > requirement (i.e. bother FD + cause confusion to everybody because the > process doesn't link any advocacy, etc). can't help noticing how debian is not stellar in maintaining their websites, but when it comes to inventing ways to "bother" people, no effort is spared.
Re: Bug#889616: nm.debian.org: please block DM applications until the key requirements are satisfied
On Wed, Feb 14, 2018 at 04:09:11PM +, Jonathan McDowell wrote: > On Mon, Feb 05, 2018 at 12:48:06AM +0100, Mattia Rizzolo wrote: > > "unacceptable uid, rejected by keyring-maint". > > Let's be clear, the only rejected UID I recall > recently was someone applying for DM status who had added an @debian.org > email address to their key which they had no entitlement to. keyring-maint hat> There also was one with an UID with a completely different name from the others (I don't remember if that one was rejected by you or just frowned upon but later approved). > > I believe the processes should not proceed (in particular, not accept > > advocacies) until the key is not valid, or manually accepted by FD. > At the moment there is no requirement on Front Desk to get involved in a > process before it's been confirmed that an applicant has an advocate and > is ready to progress in their application. Your proposal would instead > require that Front Desk get involved at the start of any process and > prevent any action until they had done so. That pushes the up front work > from a large pool of potentials (the advocates) to a small, overworked > team (Front Desk). Well, they already have to, to approve the key. Yes, this would block the processes until that (quite critical) part of the process is not cleared. > > Those 6 processes I've looked at don't show any sign of a solution in > > sight, and will probably be closed by FD one of these days, causing > > unhappiness for all the involved parties¹. > From where I'm sitting it's not clear that is an improvement. Those > processes with invalid keys will still be stalled, they will still sit > visible in the Front Desk web interface until closed out or the key > issues are fixed and really the only slight positive seems to be that > advocates won't have to send advocacies for people who might not make it > through the process. It would also avoid bad feelings from potential DMs who see their processes manually closed for inactivity when they have everything and only lack a signed key. As a matter of fact, I know there is a timeout thing somewhere closing processes without any advocacy after a while. That would allow this mechanism to work for DMs without good enough keys, without manual involvement (and avoids "damn Mattia, closing my process!"-thoughts). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Re: Bug#889616: nm.debian.org: please block DM applications until the key requirements are satisfied
On Mon, Feb 05, 2018 at 12:48:06AM +0100, Mattia Rizzolo wrote: > Currently we have 6 DM processes that have been stalled for many months > (the oldest started last May, i.e. 9 months ago) because of issues with > the applicant GPG key. > Issues range from "no signatures at all" through "no dd signatures" to > "unacceptable uid, rejected by keyring-maint". Let's be clear, the only rejected UID I recall recently was someone applying for DM status who had added an @debian.org email address to their key which they had no entitlement to. > I believe the processes should not proceed (in particular, not accept > advocacies) until the key is not valid, or manually accepted by FD. > Those 6 processes I've looked at don't show any sign of a solution in > sight, and will probably be closed by FD one of these days, causing > unhappiness for all the involved parties¹. At the moment there is no requirement on Front Desk to get involved in a process before it's been confirmed that an applicant has an advocate and is ready to progress in their application. Your proposal would instead require that Front Desk get involved at the start of any process and prevent any action until they had done so. That pushes the up front work from a large pool of potentials (the advocates) to a small, overworked team (Front Desk). From where I'm sitting it's not clear that is an improvement. Those processes with invalid keys will still be stalled, they will still sit visible in the Front Desk web interface until closed out or the key issues are fixed and really the only slight positive seems to be that advocates won't have to send advocacies for people who might not make it through the process. J. -- Revd Jonathan McDowell, ULC | Funny how life imitates LSD. signature.asc Description: PGP signature
Bug#889616: nm.debian.org: please block DM applications until the key requirements are satisfied
Package: nm.debian.org X-Debbugs-Cc: debian-newmaint@lists.debian.org Currently we have 6 DM processes that have been stalled for many months (the oldest started last May, i.e. 9 months ago) because of issues with the applicant GPG key. Issues range from "no signatures at all" through "no dd signatures" to "unacceptable uid, rejected by keyring-maint". I believe the processes should not proceed (in particular, not accept advocacies) until the key is not valid, or manually accepted by FD. Those 6 processes I've looked at don't show any sign of a solution in sight, and will probably be closed by FD one of these days, causing unhappiness for all the involved parties¹. I don't know how the situation is in DD processes, but there seem to be no DD processes stuck at "keycheck" in the AM dashboard, so perhaps that's not a issue for those, but otherwise I think the same considerations there should apply. A quick pool in #debian-newmaint reveled no opposition, so I'm opening a bug report requesting the feature to be implemented, and at the same time posting this to debian-newmaint@ to check if anybody would be too upset by the change. ¹ as the process will then have to be restart if wanted, and previous advocacies will have to either be re-made (i.e. bother the advocate again) or some nm.d.o admin will need to carry it over to the new process (not going to happen), or an FD need to manually approve the requirement (i.e. bother FD + cause confusion to everybody because the process doesn't link any advocacy, etc). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
