Re: Questions regarding the Security Secretary Position

2001-10-23 Thread John Galt

On Tue, 23 Oct 2001, Martin Schulze wrote:

John Galt wrote:
 On Tue, 23 Oct 2001, Martin Schulze wrote:
 
 John Galt wrote:
  
  It really didn't need to go to -devel in the first place: this is internal 
  to debian-security until there's a candidate. Followups redirected.
 
 Err... you have noticed that there are already two people filling
 this position, haven't you?
 
 And since the candidate wasn't announced on -devel, one can only assume

I'm sorry, but things are announced to -devel-announce, -news or
-announce.  If you don't follow these lists, I'm sorry...

Wherever they're announced is pretty much irrelevant, the issue at hand is 
that 1) somebody complained about the crosspost 2) -devel was the obvious 
extra and 3) I redirected it.  I cannot be expected to unilaterally 
redirect, so my comment was my way of throwing up my hands: crosspost it 
to hell as far as I'm concerned, just don't blame me anymore for where it 
goes.

Regards,

   Joey



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: Questions regarding the Security Secretary Position

2001-10-23 Thread John Galt
On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 On 22 Oct 2001, Thomas Bushnell, BSG wrote:
 
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 It's an extra qualification.  It's one that until you objected, didn't 
 exist.  My point still stands: if you want to add qualifications, add them 
 by raising the bar and volunteering yourself.

I think it's an entirely appropriate qualification.  But it's no
barrier: it simply requires that we know who the person is and that
they share our commitments.  I think those are reasonable things to
expect.  

They aren't reasonable things to add at the last minute.  The search 
happened, AFAICT there is a candidate, yet you had to object now.  If it 
was so reasonable, why didn't you mention it when it came up?  
Reasonableness cannot be applied to concepts that are brought up at the 
last minute: the very fact that they were shoved in at the last minute 
makes them unreasonable.  Now do as I asked and shut up.

Thomas




-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]




Re: Questions regarding the Security Secretary Position

2001-10-23 Thread Thomas Bushnell, BSG
John Galt [EMAIL PROTECTED] writes:

 They aren't reasonable things to add at the last minute.  The search 
 happened, AFAICT there is a candidate, yet you had to object now.  If it 
 was so reasonable, why didn't you mention it when it came up?  
 Reasonableness cannot be applied to concepts that are brought up at the 
 last minute: the very fact that they were shoved in at the last minute 
 makes them unreasonable.  Now do as I asked and shut up.

Actually, the security team was operating all the time under the
expectation that the person should be a developer, despite the public
statement on the list (as has already been said).

Nor for that matter is it unreasonable for me to make a suggestion
late in the day; it is for the appropriate people to decide whether or
not they want to take the suggestion--where that is the security
team--and I'm happy to let them take whatever suggestions I might
offer and do with them what they think fit.

As for why I didn't bring it up sooner: I simply hadn't noticed it
sooner.  I don't therefore void my right to bring it up, though the
security team would be well within its rights to decide that it's too
late to change things.

Thomas



Re: Questions regarding the Security Secretary Position

2001-10-23 Thread John Galt
On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 They aren't reasonable things to add at the last minute.  The search 
 happened, AFAICT there is a candidate, yet you had to object now.  If it 
 was so reasonable, why didn't you mention it when it came up?  
 Reasonableness cannot be applied to concepts that are brought up at the 
 last minute: the very fact that they were shoved in at the last minute 
 makes them unreasonable.  Now do as I asked and shut up.

Actually, the security team was operating all the time under the
expectation that the person should be a developer, despite the public
statement on the list (as has already been said).

You just don't know when to drop things, do you?  I've told you to shut 
up twice, at least two others have at various times told us to drop it, 
and one person's pointed out that you ECP'd it in the first place.  I'm 
almost positive Joey's ready to kill us (I've finally removed him from the 
CC list, as he really isn't germane to this discussion any more...)

Nor for that matter is it unreasonable for me to make a suggestion
late in the day; it is for the appropriate people to decide whether or
not they want to take the suggestion--where that is the security
team--and I'm happy to let them take whatever suggestions I might
offer and do with them what they think fit.

The whole problem here is they DIDN'T ask you.  You threw in your two 
cents worth without a corresponding pledge of support.  

As for why I didn't bring it up sooner: I simply hadn't noticed it
sooner.  I don't therefore void my right to bring it up, though the

No, but you DO make yourself a hypocrite for calling ME obstructionist...  
Compared to you, I'm a piker in this context apparently.

security team would be well within its rights to decide that it's too
late to change things.

Thomas


-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]




Re: Questions regarding the Security Secretary Position

2001-10-23 Thread Thomas Bushnell, BSG
John Galt [EMAIL PROTECTED] writes:

 The whole problem here is they DIDN'T ask you.  You threw in your two 
 cents worth without a corresponding pledge of support.  

It's a public mailing list, and I was simply contributing my
suggestion.  You decided it should be a big Federal case.

I'll make you a deal.  When you rudely say shut up, I'll pay
attention if you return the favor when I say shut up to you.

 No, but you DO make yourself a hypocrite for calling ME obstructionist...  
 Compared to you, I'm a piker in this context apparently.

I'm not trying to obstruct anything.



Re: Questions regarding the Security Secretary Position

2001-10-23 Thread Martin Schulze
John Galt wrote:
 
 It really didn't need to go to -devel in the first place: this is internal 
 to debian-security until there's a candidate. Followups redirected.

Err... you have noticed that there are already two people filling
this position, haven't you?

Regards,

Joey

-- 
This is Linux Country.  On a quiet night, you can hear Windows reboot.

Please always Cc to me when replying to me on the lists.



Re: Questions regarding the Security Secretary Position

2001-10-23 Thread John Galt
On Tue, 23 Oct 2001, Martin Schulze wrote:

John Galt wrote:
 
 It really didn't need to go to -devel in the first place: this is internal 
 to debian-security until there's a candidate. Followups redirected.

Err... you have noticed that there are already two people filling
this position, haven't you?

And since the candidate wasn't announced on -devel, one can only assume
that their qualifications aren't germane to -devel (followups NOT 
redirected, I've futilely tried too many times to redirect to care who the 
hell gets this).

Regards,

   Joey



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]



Re: Questions regarding the Security Secretary Position

2001-10-23 Thread Martin Schulze
John Galt wrote:
 On Tue, 23 Oct 2001, Martin Schulze wrote:
 
 John Galt wrote:
  
  It really didn't need to go to -devel in the first place: this is internal 
  to debian-security until there's a candidate. Followups redirected.
 
 Err... you have noticed that there are already two people filling
 this position, haven't you?
 
 And since the candidate wasn't announced on -devel, one can only assume

I'm sorry, but things are announced to -devel-announce, -news or
-announce.  If you don't follow these lists, I'm sorry...

Regards,

Joey

-- 
This is Linux Country.  On a quiet night, you can hear Windows reboot.

Please always Cc to me when replying to me on the lists.



Re: Questions regarding the Security Secretary Position

2001-10-23 Thread John Galt
On Tue, 23 Oct 2001, Martin Schulze wrote:

John Galt wrote:
 On Tue, 23 Oct 2001, Martin Schulze wrote:
 
 John Galt wrote:
  
  It really didn't need to go to -devel in the first place: this is internal
  to debian-security until there's a candidate. Followups redirected.
 
 Err... you have noticed that there are already two people filling
 this position, haven't you?
 
 And since the candidate wasn't announced on -devel, one can only assume

I'm sorry, but things are announced to -devel-announce, -news or
-announce.  If you don't follow these lists, I'm sorry...

Wherever they're announced is pretty much irrelevant, the issue at hand is 
that 1) somebody complained about the crosspost 2) -devel was the obvious 
extra and 3) I redirected it.  I cannot be expected to unilaterally 
redirect, so my comment was my way of throwing up my hands: crosspost it 
to hell as far as I'm concerned, just don't blame me anymore for where it 
goes.

Regards,

   Joey



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Lauri Tischler

Matt Zimmerman wrote:
 
  I think the security secretary, if we have one, should be a Debian
  developer.
 
 We have two of them, and they are both card-carrying developers.
 
Unnghhh...
'Card-carrying' sounds like fiery-eyed anarchist or extreme left
revolutionary, some kind of luddite the least..
 
--
Lauri Tischler, Network Admin
Tel:+358-9-47846331*   Mouse movement detected  *
Fax:+358-9-47846500* Reboot Windows to activate changes *
Mobile: +358-40-5569010
EMail:  [EMAIL PROTECTED]






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Matt Zimmerman

On Mon, Oct 22, 2001 at 09:40:45AM +0300, Lauri Tischler wrote:

 Matt Zimmerman wrote:
  
   I think the security secretary, if we have one, should be a Debian
   developer.
  
  We have two of them, and they are both card-carrying developers.
  
 Unnghhh...
 'Card-carrying' sounds like fiery-eyed anarchist or extreme left
 revolutionary, some kind of luddite the least..

I hate spoiling a joke this way, but a surprising number of people seem
to have misinterpreted my remark.  It was tongue-in-cheek humour,
reflecting on the present political atmosphere of Debian.

-- 
 - mdz






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Petro

On Mon, Oct 22, 2001 at 09:40:45AM +0300, Lauri Tischler wrote:
 Matt Zimmerman wrote:
  
   I think the security secretary, if we have one, should be a Debian
   developer.
  
  We have two of them, and they are both card-carrying developers.
  
 Unnghhh...
 'Card-carrying' sounds like fiery-eyed anarchist or extreme left
 revolutionary, some kind of luddite the least..

And the problem with this is? (No, I don't like leftists or
luddites, but I'm all in favor of fiery-eyed anarchists).

-- 
Share and Enjoy. 






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt


It really didn't need to go to -devel in the first place: this is internal 
to debian-security until there's a candidate. Followups redirected.

On Tue, 23 Oct 2001, Jason Thomas wrote:

only one thing, does this have to go to both lists, I'm a lot of messages
twice, and yes they have different message id's.

On Mon, Oct 22, 2001 at 09:43:05AM -0700, Thomas Bushnell, BSG wrote:
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 
 



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]







Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG

John Galt [EMAIL PROTECTED] writes:

 On 22 Oct 2001, Thomas Bushnell, BSG wrote:
 
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 It's an extra qualification.  It's one that until you objected, didn't 
 exist.  My point still stands: if you want to add qualifications, add them 
 by raising the bar and volunteering yourself.

I think it's an entirely appropriate qualification.  But it's no
barrier: it simply requires that we know who the person is and that
they share our commitments.  I think those are reasonable things to
expect.  

Thomas






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 On 22 Oct 2001, Thomas Bushnell, BSG wrote:
 
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 It's an extra qualification.  It's one that until you objected, didn't 
 exist.  My point still stands: if you want to add qualifications, add them 
 by raising the bar and volunteering yourself.

I think it's an entirely appropriate qualification.  But it's no
barrier: it simply requires that we know who the person is and that
they share our commitments.  I think those are reasonable things to
expect.  

They aren't reasonable things to add at the last minute.  The search 
happened, AFAICT there is a candidate, yet you had to object now.  If it 
was so reasonable, why didn't you mention it when it came up?  
Reasonableness cannot be applied to concepts that are brought up at the 
last minute: the very fact that they were shoved in at the last minute 
makes them unreasonable.  Now do as I asked and shut up.

Thomas




-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]







Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG

John Galt [EMAIL PROTECTED] writes:

 They aren't reasonable things to add at the last minute.  The search 
 happened, AFAICT there is a candidate, yet you had to object now.  If it 
 was so reasonable, why didn't you mention it when it came up?  
 Reasonableness cannot be applied to concepts that are brought up at the 
 last minute: the very fact that they were shoved in at the last minute 
 makes them unreasonable.  Now do as I asked and shut up.

Actually, the security team was operating all the time under the
expectation that the person should be a developer, despite the public
statement on the list (as has already been said).

Nor for that matter is it unreasonable for me to make a suggestion
late in the day; it is for the appropriate people to decide whether or
not they want to take the suggestion--where that is the security
team--and I'm happy to let them take whatever suggestions I might
offer and do with them what they think fit.

As for why I didn't bring it up sooner: I simply hadn't noticed it
sooner.  I don't therefore void my right to bring it up, though the
security team would be well within its rights to decide that it's too
late to change things.

Thomas






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 They aren't reasonable things to add at the last minute.  The search 
 happened, AFAICT there is a candidate, yet you had to object now.  If it 
 was so reasonable, why didn't you mention it when it came up?  
 Reasonableness cannot be applied to concepts that are brought up at the 
 last minute: the very fact that they were shoved in at the last minute 
 makes them unreasonable.  Now do as I asked and shut up.

Actually, the security team was operating all the time under the
expectation that the person should be a developer, despite the public
statement on the list (as has already been said).

You just don't know when to drop things, do you?  I've told you to shut 
up twice, at least two others have at various times told us to drop it, 
and one person's pointed out that you ECP'd it in the first place.  I'm 
almost positive Joey's ready to kill us (I've finally removed him from the 
CC list, as he really isn't germane to this discussion any more...)

Nor for that matter is it unreasonable for me to make a suggestion
late in the day; it is for the appropriate people to decide whether or
not they want to take the suggestion--where that is the security
team--and I'm happy to let them take whatever suggestions I might
offer and do with them what they think fit.

The whole problem here is they DIDN'T ask you.  You threw in your two 
cents worth without a corresponding pledge of support.  

As for why I didn't bring it up sooner: I simply hadn't noticed it
sooner.  I don't therefore void my right to bring it up, though the

No, but you DO make yourself a hypocrite for calling ME obstructionist...  
Compared to you, I'm a piker in this context apparently.

security team would be well within its rights to decide that it's too
late to change things.

Thomas


-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]







Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG

John Galt [EMAIL PROTECTED] writes:

 The whole problem here is they DIDN'T ask you.  You threw in your two 
 cents worth without a corresponding pledge of support.  

It's a public mailing list, and I was simply contributing my
suggestion.  You decided it should be a big Federal case.

I'll make you a deal.  When you rudely say shut up, I'll pay
attention if you return the favor when I say shut up to you.

 No, but you DO make yourself a hypocrite for calling ME obstructionist...  
 Compared to you, I'm a piker in this context apparently.

I'm not trying to obstruct anything.






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 The whole problem here is they DIDN'T ask you.  You threw in your two 
 cents worth without a corresponding pledge of support.  

It's a public mailing list, and I was simply contributing my
suggestion.  You decided it should be a big Federal case.

I find that hilarious coming from you.  Didn't you once try to muzzle 
myself and another on -legal, claiming that lists.debian.org wasn't a 
public resource?  Hypocrite.

I'll make you a deal.  When you rudely say shut up, I'll pay
attention if you return the favor when I say shut up to you.

Yeah, sure.  You have yet to back that statement with lack of words...

 No, but you DO make yourself a hypocrite for calling ME obstructionist...  
 Compared to you, I'm a piker in this context apparently.

I'm not trying to obstruct anything.

No, you're just making reasonable suggestions after the fact.  Whatever, 
if you can't figure that what you're doing is being obstructionist, there 
ain't nothing I'm going to tell you that will change it, even if I could.  



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]









Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Robert van der Meulen

Hi,

Quoting Colin Phipps ([EMAIL PROTECTED]):
 On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
  I take it then that you volunteer.  If not, shut up.  Throwing artificial
  barriers at this office isn't going to add volunteers.
 The barriers to becoming a developer are mainly commitment to the project 
 and to the social contract, both of which should be requirements for any 
 security secretary. It doesn't imply package maintenance (IIRC). Sure they 
 don't have to be a developer *yet*, but they should (either in fact or in 
 effect) become one.
 Which was what Thomas suggested.
Please read the thread first :)
mdz already noted that we already have two security secretaries.
A couple of members of the security team, including me, feel that the
person(s) to be appointed secretary should already _be_ developers.
Not that this all matters anymore, as the whole thing already has been
resolved.

Greets,
Robert

-- 
  Linux Generation
   encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
Life is a sexually transmitted disease with 100% mortality.






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG

John Galt [EMAIL PROTECTED] writes:

 I take it then that you volunteer.  If not, shut up.  Throwing artificial
 barriers at this office isn't going to add volunteers.

How is it a barrier?






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On 21 Oct 2001, Thomas Bushnell, BSG wrote:

Martin Schulze [EMAIL PROTECTED] writes:

 Q: Is a requirement being a Debian developer?
 
No.  It is my understanding that it would be good to have fresh
blood in the team.  Working on security can cost a lot of time,
thus it could even be helpful not being a Debian developer since
that implies active package maintenance as well.  However, similar
knowledge is very helpful, and may be required when working on
issues.

I think the security secretary, if we have one, should be a Debian
developer.

I take it then that you volunteer.  If not, shut up.  Throwing artificial
barriers at this office isn't going to add volunteers.

But it doesn't have to be someone who is already a Debian developer,
and I have no objection to fast-tracking their application.  




-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Jason Thomas

only one thing, does this have to go to both lists, I'm a lot of messages
twice, and yes they have different message id's.

On Mon, Oct 22, 2001 at 09:43:05AM -0700, Thomas Bushnell, BSG wrote:
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 
 

-- 
Jason Thomas   Phone:  +61 2 6257 7111
System Administrator  -  UID 0 Fax:+61 2 6257 7311
tSA Consulting Group Pty. Ltd. Mobile: 0418 29 66 81
1 Hall Street Lyneham ACT 2602 http://www.topic.com.au/



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 I take it then that you volunteer.  If not, shut up.  Throwing artificial
 barriers at this office isn't going to add volunteers.

How is it a barrier?

It's an extra qualification.  It's one that until you objected, didn't 
exist.  My point still stands: if you want to add qualifications, add them 
by raising the bar and volunteering yourself.


-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Colin Phipps

On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
 On 21 Oct 2001, Thomas Bushnell, BSG wrote:
 Martin Schulze [EMAIL PROTECTED] writes:
 
  Q: Is a requirement being a Debian developer?
  
 No.  It is my understanding that it would be good to have fresh
 blood in the team.  Working on security can cost a lot of time,
 thus it could even be helpful not being a Debian developer since
 that implies active package maintenance as well.  However, similar
 knowledge is very helpful, and may be required when working on
 issues.
 
 I think the security secretary, if we have one, should be a Debian
 developer.
 
 I take it then that you volunteer.  If not, shut up.  Throwing artificial
 barriers at this office isn't going to add volunteers.

The barriers to becoming a developer are mainly commitment to the project and
to the social contract, both of which should be requirements for any security
secretary. It doesn't imply package maintenance (IIRC). Sure they don't have to
be a developer *yet*, but they should (either in fact or in effect) become one.
Which was what Thomas suggested.

-- 
Colin Phipps PGP 0x689E463E http://www.netcraft.com/






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On Mon, 22 Oct 2001, Colin Phipps wrote:

On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
 On 21 Oct 2001, Thomas Bushnell, BSG wrote:
 Martin Schulze [EMAIL PROTECTED] writes:
 
  Q: Is a requirement being a Debian developer?
  
 No.  It is my understanding that it would be good to have fresh
 blood in the team.  Working on security can cost a lot of time,
 thus it could even be helpful not being a Debian developer since
 that implies active package maintenance as well.  However, similar
 knowledge is very helpful, and may be required when working on
 issues.
 
 I think the security secretary, if we have one, should be a Debian
 developer.
 
 I take it then that you volunteer.  If not, shut up.  Throwing artificial
 barriers at this office isn't going to add volunteers.

The barriers to becoming a developer are mainly commitment to the project and
to the social contract, both of which should be requirements for any security
secretary. It doesn't imply package maintenance (IIRC). Sure they don't have to

Actually, it does.  

be a developer *yet*, but they should (either in fact or in effect) become one.
Which was what Thomas suggested.





-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]







Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Martin Schulze

John Galt wrote:
 
 It really didn't need to go to -devel in the first place: this is internal 
 to debian-security until there's a candidate. Followups redirected.

Err... you have noticed that there are already two people filling
this position, haven't you?

Regards,

Joey

-- 
This is Linux Country.  On a quiet night, you can hear Windows reboot.

Please always Cc to me when replying to me on the lists.






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

On Tue, 23 Oct 2001, Martin Schulze wrote:

John Galt wrote:
 
 It really didn't need to go to -devel in the first place: this is internal 
 to debian-security until there's a candidate. Followups redirected.

Err... you have noticed that there are already two people filling
this position, haven't you?

And since the candidate wasn't announced on -devel, one can only assume
that their qualifications aren't germane to -devel (followups NOT 
redirected, I've futilely tried too many times to redirect to care who the 
hell gets this).

Regards,

   Joey



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Martin Schulze

John Galt wrote:
 On Tue, 23 Oct 2001, Martin Schulze wrote:
 
 John Galt wrote:
  
  It really didn't need to go to -devel in the first place: this is internal 
  to debian-security until there's a candidate. Followups redirected.
 
 Err... you have noticed that there are already two people filling
 this position, haven't you?
 
 And since the candidate wasn't announced on -devel, one can only assume

I'm sorry, but things are announced to -devel-announce, -news or
-announce.  If you don't follow these lists, I'm sorry...

Regards,

Joey

-- 
This is Linux Country.  On a quiet night, you can hear Windows reboot.

Please always Cc to me when replying to me on the lists.






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Colin Watson

On Mon, Oct 22, 2001 at 08:23:24AM -0600, John Galt wrote:
 On Mon, 22 Oct 2001, Colin Phipps wrote:
 The barriers to becoming a developer are mainly commitment to the
 project and to the social contract, both of which should be
 requirements for any security secretary. It doesn't imply package
 maintenance (IIRC).
 
 Actually, it does.  

No. *Most* developers maintain packages, sure, but they don't have to.

http://nm.debian.org/newnm.html (I think that's the URL, I'm looking at
it in CVS because pandora seems inaccessible):

  If you intend to package software, do you have a Debian package you
  have adopted or created ready to show your AM?  And if you intend to
  do other things (e.g. port Debian to other architectures, help with
  documentation, Quality Assurance or Security), do you have experience
  in those things which you can tell your AM about?

-- 
Colin Watson  [[EMAIL PROTECTED]]






Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Lauri Tischler
Matt Zimmerman wrote:
 
  I think the security secretary, if we have one, should be a Debian
  developer.
 
 We have two of them, and they are both card-carrying developers.
 
Unnghhh...
'Card-carrying' sounds like fiery-eyed anarchist or extreme left
revolutionary, some kind of luddite the least..
 
--
Lauri Tischler, Network Admin
Tel:+358-9-47846331*   Mouse movement detected  *
Fax:+358-9-47846500* Reboot Windows to activate changes *
Mobile: +358-40-5569010
EMail:  [EMAIL PROTECTED]



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Matt Zimmerman
On Mon, Oct 22, 2001 at 09:40:45AM +0300, Lauri Tischler wrote:

 Matt Zimmerman wrote:
  
   I think the security secretary, if we have one, should be a Debian
   developer.
  
  We have two of them, and they are both card-carrying developers.
  
 Unnghhh...
 'Card-carrying' sounds like fiery-eyed anarchist or extreme left
 revolutionary, some kind of luddite the least..

I hate spoiling a joke this way, but a surprising number of people seem
to have misinterpreted my remark.  It was tongue-in-cheek humour,
reflecting on the present political atmosphere of Debian.

-- 
 - mdz



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Petro
On Mon, Oct 22, 2001 at 09:40:45AM +0300, Lauri Tischler wrote:
 Matt Zimmerman wrote:
  
   I think the security secretary, if we have one, should be a Debian
   developer.
  
  We have two of them, and they are both card-carrying developers.
  
 Unnghhh...
 'Card-carrying' sounds like fiery-eyed anarchist or extreme left
 revolutionary, some kind of luddite the least..

And the problem with this is? (No, I don't like leftists or
luddites, but I'm all in favor of fiery-eyed anarchists).

-- 
Share and Enjoy. 



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt
On 21 Oct 2001, Thomas Bushnell, BSG wrote:

Martin Schulze [EMAIL PROTECTED] writes:

 Q: Is a requirement being a Debian developer?
 
No.  It is my understanding that it would be good to have fresh
blood in the team.  Working on security can cost a lot of time,
thus it could even be helpful not being a Debian developer since
that implies active package maintenance as well.  However, similar
knowledge is very helpful, and may be required when working on
issues.

I think the security secretary, if we have one, should be a Debian
developer.

I take it then that you volunteer.  If not, shut up.  Throwing artificial 
barriers at this office isn't going to add volunteers.

But it doesn't have to be someone who is already a Debian developer,
and I have no objection to fast-tracking their application.  




-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Colin Phipps
On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
 On 21 Oct 2001, Thomas Bushnell, BSG wrote:
 Martin Schulze [EMAIL PROTECTED] writes:
 
  Q: Is a requirement being a Debian developer?
  
 No.  It is my understanding that it would be good to have fresh
 blood in the team.  Working on security can cost a lot of time,
 thus it could even be helpful not being a Debian developer since
 that implies active package maintenance as well.  However, similar
 knowledge is very helpful, and may be required when working on
 issues.
 
 I think the security secretary, if we have one, should be a Debian
 developer.
 
 I take it then that you volunteer.  If not, shut up.  Throwing artificial 
 barriers at this office isn't going to add volunteers.

The barriers to becoming a developer are mainly commitment to the project and
to the social contract, both of which should be requirements for any security
secretary. It doesn't imply package maintenance (IIRC). Sure they don't have to
be a developer *yet*, but they should (either in fact or in effect) become one.
Which was what Thomas suggested.

-- 
Colin Phipps PGP 0x689E463E http://www.netcraft.com/



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt
On Mon, 22 Oct 2001, Colin Phipps wrote:

On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
 On 21 Oct 2001, Thomas Bushnell, BSG wrote:
 Martin Schulze [EMAIL PROTECTED] writes:
 
  Q: Is a requirement being a Debian developer?
  
 No.  It is my understanding that it would be good to have fresh
 blood in the team.  Working on security can cost a lot of time,
 thus it could even be helpful not being a Debian developer since
 that implies active package maintenance as well.  However, similar
 knowledge is very helpful, and may be required when working on
 issues.
 
 I think the security secretary, if we have one, should be a Debian
 developer.
 
 I take it then that you volunteer.  If not, shut up.  Throwing artificial 
 barriers at this office isn't going to add volunteers.

The barriers to becoming a developer are mainly commitment to the project and
to the social contract, both of which should be requirements for any security
secretary. It doesn't imply package maintenance (IIRC). Sure they don't have to

Actually, it does.  

be a developer *yet*, but they should (either in fact or in effect) become one.
Which was what Thomas suggested.





-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]




Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Robert van der Meulen
Hi,

Quoting Colin Phipps ([EMAIL PROTECTED]):
 On Mon, Oct 22, 2001 at 07:12:57AM -0600, John Galt wrote:
  I take it then that you volunteer.  If not, shut up.  Throwing artificial 
  barriers at this office isn't going to add volunteers.
 The barriers to becoming a developer are mainly commitment to the project 
 and to the social contract, both of which should be requirements for any 
 security secretary. It doesn't imply package maintenance (IIRC). Sure they 
 don't have to be a developer *yet*, but they should (either in fact or in 
 effect) become one.
 Which was what Thomas suggested.
Please read the thread first :)
mdz already noted that we already have two security secretaries.
A couple of members of the security team, including me, feel that the
person(s) to be appointed secretary should already _be_ developers.
Not that this all matters anymore, as the whole thing already has been
resolved.

Greets,
Robert

-- 
  Linux Generation
   encrypted mail preferred. finger [EMAIL PROTECTED] for my GnuPG/PGP key.
Life is a sexually transmitted disease with 100% mortality.



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt [EMAIL PROTECTED] writes:

 I take it then that you volunteer.  If not, shut up.  Throwing artificial 
 barriers at this office isn't going to add volunteers.

How is it a barrier?



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Jason Thomas
only one thing, does this have to go to both lists, I'm getting a lot of messages
twice, and yes they have different message IDs.

On Mon, Oct 22, 2001 at 09:43:05AM -0700, Thomas Bushnell, BSG wrote:
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial 
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 

-- 
Jason Thomas   Phone:  +61 2 6257 7111
System Administrator  -  UID 0 Fax:+61 2 6257 7311
tSA Consulting Group Pty. Ltd. Mobile: 0418 29 66 81
1 Hall Street Lyneham ACT 2602 http://www.topic.com.au/




Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt
On 22 Oct 2001, Thomas Bushnell, BSG wrote:

John Galt [EMAIL PROTECTED] writes:

 I take it then that you volunteer.  If not, shut up.  Throwing artificial 
 barriers at this office isn't going to add volunteers.

How is it a barrier?

It's an extra qualification.  It's one that until you objected, didn't 
exist.  My point still stands: if you want to add qualifications, add them 
by raising the bar and volunteering yourself.


-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]



Re: Questions regarding the Security Secretary Position

2001-10-22 Thread John Galt

It really didn't need to go to -devel in the first place: this is internal 
to debian-security until there's a candidate. Followups redirected.

On Tue, 23 Oct 2001, Jason Thomas wrote:

only one thing, does this have to go to both lists, I'm getting a lot of messages
twice, and yes they have different message IDs.

On Mon, Oct 22, 2001 at 09:43:05AM -0700, Thomas Bushnell, BSG wrote:
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial 
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 



-- 
Be Careful! I have a black belt in sna-fu!

Who is John Galt?  [EMAIL PROTECTED]




Re: Questions regarding the Security Secretary Position

2001-10-22 Thread Thomas Bushnell, BSG
John Galt [EMAIL PROTECTED] writes:

 On 22 Oct 2001, Thomas Bushnell, BSG wrote:
 
 John Galt [EMAIL PROTECTED] writes:
 
  I take it then that you volunteer.  If not, shut up.  Throwing artificial 
  barriers at this office isn't going to add volunteers.
 
 How is it a barrier?
 
 It's an extra qualification.  It's one that until you objected, didn't 
 exist.  My point still stands: if you want to add qualifications, add them 
 by raising the bar and volunteering yourself.

I think it's an entirely appropriate qualification.  But it's no
barrier: it simply requires that we know who the person is and that
they share our commitments.  I think those are reasonable things to
expect.  

Thomas



Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Thomas Bushnell, BSG

Martin Schulze [EMAIL PROTECTED] writes:

 Q: Is a requirement being a Debian developer?
 
No.  It is my understanding that it would be good to have fresh
blood in the team.  Working on security can cost a lot of time,
thus it could even be helpful not being a Debian developer since
that implies active package maintenance as well.  However, similar
knowledge is very helpful, and may be required when working on
issues.

I think the security secretary, if we have one, should be a Debian
developer.

But it doesn't have to be someone who is already a Debian developer,
and I have no objection to fast-tracking their application.  






Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Matt Zimmerman

On Sun, Oct 21, 2001 at 09:23:03AM -0700, Thomas Bushnell, BSG wrote:

 Martin Schulze [EMAIL PROTECTED] writes:
 
  Q: Is a requirement being a Debian developer?
  
 No.  It is my understanding that it would be good to have fresh
 blood in the team.  Working on security can cost a lot of time,
 thus it could even be helpful not being a Debian developer since
 that implies active package maintenance as well.  However,
 similar knowledge is very helpful, and may be required when
 working on issues.
 
 I think the security secretary, if we have one, should be a Debian
 developer.

We have two of them, and they are both card-carrying developers.

-- 
 - mdz






Re: Questions regarding the Security Secretary Position

2001-10-21 Thread Thomas Bushnell, BSG

Matt Zimmerman [EMAIL PROTECTED] writes:

 On Sun, Oct 21, 2001 at 09:23:03AM -0700, Thomas Bushnell, BSG wrote:
 
  Martin Schulze [EMAIL PROTECTED] writes:
  
   Q: Is a requirement being a Debian developer?
   
  No.  It is my understanding that it would be good to have fresh
  blood in the team.  Working on security can cost a lot of time,
  thus it could even be helpful not being a Debian developer since
  that implies active package maintenance as well.  However,
  similar knowledge is very helpful, and may be required when
  working on issues.
  
  I think the security secretary, if we have one, should be a Debian
  developer.
 
 We have two of them, and they are both card-carrying developers.

Sorry; I was referring to the QA, not the present incumbents.






Re: Questions regarding the Security Secretary Position

2001-10-21 Thread orly-fu
Are they both around 20 years of age and steaming hot ? - like the ones we 
all hope wish we had as receptionists in our corps ? =)

-xbud
On Sunday 21 October 2001 04:52 pm, Thomas Bushnell, BSG wrote:
 Matt Zimmerman [EMAIL PROTECTED] writes:
  On Sun, Oct 21, 2001 at 09:23:03AM -0700, Thomas Bushnell, BSG wrote:
   Martin Schulze [EMAIL PROTECTED] writes:
Q: Is a requirement being a Debian developer?
   
   No.  It is my understanding that it would be good to have fresh
   blood in the team.  Working on security can cost a lot of time,
   thus it could even be helpful not being a Debian developer since
   that implies active package maintenance as well.  However,
   similar knowledge is very helpful, and may be required when
   working on issues.
  
   I think the security secretary, if we have one, should be a Debian
   developer.
 
  We have two of them, and they are both card-carrying developers.

 Sorry; I was referring to the QA, not the present incumbents.



Questions regarding the Security Secretary Position

2001-09-24 Thread Martin Schulze

I'm awfully sorry for the delay, but I wasn't able to work on this
earlier again.

Here's a list of questions and answers that came up with the posting I
made last week.

Q: Is a requirement being a Debian developer?

   No.  It is my understanding that it would be good to have fresh
   blood in the team.  Working on security can cost a lot of time,
   thus it could even be helpful not being a Debian developer since
   that implies active package maintenance as well.  However, similar
   knowledge is very helpful, and may be required when working on
   issues.

Q: How much time is required to fill the position?

   That's something I don't know.  When I started with Debian
   Security, it was easy to do, there were two architectures, about
   1000 packages and not too many security incidents reported.

   This has changed.  We're at some 5000 packages, often there are
   more than two security incidents reported per week which we'll have
   to investigate, and there are six released architectures, probably
   12 for the next release.

   I can imagine that this job requires about 10-20 hours per week.
   However, it's possible that there are a couple of weeks where no
   work is to be done.  One has to expect that this position requires
   a lot of time.

Q: Are you open to finding a small (2-3 person) team to fill this role?

   Yes, I am open to this idea.  This would be based on my practice of
   forming a team in order to make it less dependent on one person
   (see listmaster, debian-admin, security etc.).

   However, the more people are involved, the more coordination has to
   be done.  On the other side, security is crucial and we should do
   anything that can improve the situation.

Q: How will the person/team come up to speed?

   I can't parse the question.

   In my announcement I wrote several tasks that this person/team
   would have to work on.  I forgot documentation though.  Please see
   http://lists.debian.org/debian-security-0109/msg00225.html

Q: What are the personal requirements?

   At least one of the secretary team needs to be able to code in C
   and understand Debian packaging as well as security incidents.  It
   would be useless if the person won't understand how an exploit
   works.

   If more than one person is going to fill this position then a
   second person could specialize on tracking problems and
   documentation while the first person works on details, programming
   and fixing.

   A lot of spare time is required as well.

Q: What is the method you will choose this person?

   The current Debian Security Team will discuss volunteers and
   appoint 1-3 persons.

Regards,

Joey

-- 
No question is too silly to ask, but, of course, some are too silly
to answer.   -- Perl book


