Hello,
On Sun, 23 Oct 2022, Didier Raboud wrote:
> (Sorry for the delay in getting back to that thread. #life)
Me even worse ;-)
> Specifically, this is something I'd like to discuss in more extensive terms. I
> think I'm postulating that Debian would be in a better place with a "Debian
>
Didier Raboud wrote:
> What most respondents have gotten across as the bulk of my proposal seems to
> be: "we could limit upload rights to certain packages"
>
> ... where what I was trying to get across was: "we could team-maintain the
> core of Debian (and by extension, other subsets)"
Frankly, readi
(Sorry for the delay in getting back to that thread. #life)
What most respondents have gotten across as the bulk of my proposal seems to
be: "we could limit upload rights to certain packages"
... where what I was trying to get across was: "we could team-maintain the
core of Debian (and by exten
On Tue, Oct 18, 2022 at 07:25:39AM -0700, Russ Allbery wrote:
> This is probably my security brain from my day job, but I would prefer to
> be able to drop permissions that I'm not currently using, as long as I can
> get them back easily. It reduces the blast radius of mistakes and
> compromises.
Hi,
* Johannes Schauer Marin Rodrigues [2022-10-12 10:49]:
If I understand what you write correctly, then you propose to put into place a
technical barrier for uploading other people's packages. But that will not
reduce the ownership (or hegemony) of developers over their packages and thus
not
On 10/18/22 16:25, Russ Allbery wrote:
> I think there's some merit for being able to
> restrict and expand your own permissions
As much as I understand, *self-controlling* your own rights is not the
original proposal.
Cheers,
Thomas Goirand (zigo)
On Tue, 2022-10-18 at 13:00 +0200, Thomas Goirand wrote:
> On 10/18/22 00:07, Charles Plessy wrote:
> > If it is
> > easy for those who need to get archive-wide privileges, it is also easy
> > to start without that privilege as a default.
>
> I really would hate having 2 sets of uploading DDs. O
Thomas Goirand writes:
> I really would hate having 2 sets of uploading DDs. One with the
> archive-wide privilege, and the one without. Then you'd need to ask for
> that right, and potentially have to explain why you need it. This is a
> terrible idea, with not enough justification (IMO).
This
On 10/18/22 00:07, Charles Plessy wrote:
> If it is
> easy for those who need to get archive-wide privileges, it is also easy
> to start without that privilege as a default.
I really would hate having 2 sets of uploading DDs. One with the
archive-wide privilege, and the one without. Then you'd nee
On Wed, 2022-10-12 at 16:09 -0700, Russ Allbery wrote:
> Pierre-Elliott Bécue writes:
>
> >
>
> Is there some way right now for me to say "any Debian contributor with
> upload rights should feel free to merge changes and upload this package
> without needing to consult me at all, and I will
Hi Nilesh,
On Sun, Oct 16, 2022 at 03:16:11PM +0530, Nilesh Patra wrote:
>
> IMHO the "risk assessment" for most DDs is already done via NM process.
> Usually people are mindful of when they upload, and do ask others
> for opinions when they do NMU's.
The risk assessment I suggest is for the
On 2022-10-13 Santiago Ruano Rincón wrote:
> Package: lists.debian.org
> Severity: wishlist
> Dear list masters and fellow Debian peers,
> I hereby would like to propose to create a mailing list for
> collaborative maintenance.
> Name: debian-collab-maint
> Rationale:
> On 13/10/22 at 07:0
Hi Charles,
On Sun, Oct 16, 2022 at 01:06:23PM +0900, Charles Plessy wrote:
> On Wed, Oct 12, 2022 at 12:14:35AM +, Scott Kitterman wrote:
> >
> > What fraction of security issues we've had in Debian do you think
> > narrower upload permissions would have prevented?
>
> Exactly zero. But
On Sun, Oct 16, 2022 at 01:06:23PM +0900, Charles Plessy wrote:
> On Wed, Oct 12, 2022 at 12:14:35AM +, Scott Kitterman wrote:
> >
> > What fraction of security issues we've had in Debian do you think
> > narrower upload permissions would have prevented?
>
> Exactly zero. But my comment i
On Wed, Oct 12, 2022 at 12:14:35AM +, Scott Kitterman wrote:
>
> What fraction of security issues we've had in Debian do you think
> narrower upload permissions would have prevented?
Exactly zero. But my comment is not about the past, it is about the
future.
I think that a proper risk as
On Wed, Oct 12, 2022 at 10:19:28PM -0700, Russ Allbery wrote:
> Tobias Frost writes:
> > On Wed, Oct 12, 2022 at 04:09:54PM -0700, Russ Allbery wrote:
>
> >> Is there some way right now for me to say "any Debian contributor with
> >> upload rights should feel free to merge changes and upload this
Package: lists.debian.org
Severity: wishlist
Dear list masters and fellow Debian peers,
I hereby would like to propose to create a mailing list for
collaborative maintenance.
Name: debian-collab-maint
Rationale:
On 13/10/22 at 07:02, Tobias Frost wrote:
> On Wed, Oct 12, 2022 at 04:09:54
On 10/12/22 09:25, Pierre-Elliott Bécue wrote:
I can understand your train of thoughts, but to be honest with myself,
I'd rather keep the social limitation rather than enforce a technical
limitation that would prevent me to upload any package and force me to
do $process and wait for someone else'
Tobias Frost writes:
> On Wed, Oct 12, 2022 at 04:09:54PM -0700, Russ Allbery wrote:
>> Is there some way right now for me to say "any Debian contributor with
>> upload rights should feel free to merge changes and upload this package
>> without needing to consult me at all, and I will subscribe t
On Wed, Oct 12, 2022 at 04:09:54PM -0700, Russ Allbery wrote:
> Is there some way right now for me to say "any Debian contributor with
> upload rights should feel free to merge changes and upload this package
> without needing to consult me at all, and I will subscribe to the packages
> feed for t
Pierre-Elliott Bécue writes:
> I really think it's not the matter, to me the matter is package
> ownership. While new contributors should feel that it's mandatory to
> discuss with maintainers, having people clamped so tightly to their
> packages that you don't know if these are actually packages
Hi,
Quoting Didier Raboud (2022-10-07 15:24:23)
> (This is the continuation of an unspecified thread in the debian-private list
> that generated enough positive content that I deemed it smart enough to jump
> off from it, to a public mailing list. I'm not quoting anything from anyone,
> but the
On Fri, Oct 07, 2022 at 03:24:23PM +0200, Didier Raboud wrote:
> Looking at how Ubuntu is structured (with topic teams) made me wonder if some
> variation of that couldn't reasonably be applied to Debian, by dividing our
> giant set in subsets (topic teams, baskets, ...), under clearer team's
>
Didier Raboud wrote on 07/10/2022 at 15:24:23+0200:
> (This is the continuation of an unspecified thread in the debian-private list
> that generated enough positive content that I deemed it smart enough to jump
> off from it, to a public mailing list. I'm not quoting anything from anyone,
> b
On October 11, 2022 11:40:20 PM UTC, Charles Plessy wrote:
>Hi Didier,
>
>An interesting side effect of your proposal is that Debian's security
>will be higher as uploading permissions will not be broad by default.
>And I think that a lightweight process can be designed to allow DDs to
>expand
Hi Didier,
An interesting side effect of your proposal is that Debian's security
will be higher as uploading permissions will not be broad by default.
And I think that a lightweight process can be designed to allow DDs to
expand their permissions.
Have a nice day,
--
Charles
On October 10, 2022 7:56:07 AM UTC, Gerardo Ballabio wrote:
>Didier Raboud wrote:
>> The last aspect would also be to completely remove the source-package-level
>> realms; within a subset, there would be no package-specific maintainers or
>> vetoes; disputes would move "out" from source-package-le
Didier Raboud wrote:
> The last aspect would also be to completely remove the source-package-level
> realms; within a subset, there would be no package-specific maintainers or
> vetoes; disputes would move "out" from source-package-level to subset-level.
Uhm. This makes me wonder what the real goal of
I myself am *very* happy to have other Debian people (DDs, DMs) git
push and dput fixes to any of "my" packages. No need for an NMU or
delay or permission: just do it. Zero friction. In the unlikely event
you do something I'm uncomfortable with I'll just revert it and
discuss.
This has nothing to
(This is the continuation of an unspecified thread in the debian-private list
that generated enough positive content that I deemed it smart enough to jump
off from it, to a public mailing list. I'm not quoting anything from anyone,
but there's certainly inspiration from various participants, so
30 matches