Motu application for Emanuele Gentili (emgent)
Stephan Hermann
sh at sourcecode.de
Wed Jul 9 13:16:33 BST 2008
Hi,
On Wed, 9 Jul 2008 14:00:10 +0200
Michael Bienia <michael at vorlon.ping.de> wrote:
> On 2008-07-02 16:28:50 +0200, Stephan Hermann wrote:
> [security uploads]
> > Yes...being a MOTU/Core-dev means you are more trusted then someone
> > else. So having a MOTU or core-dev preparing a security bugfix this
> > bugfix can be more trusted then from someone we don't know.
> > Actually, I do like a "broken security update" more from a known
> > dev, then from an unknown (unkown to my gpg keyring and unknown to
> > me).
>
> So you would trust a MOTU who didn't work on security updates in the
> past more to prepare a security update than a known contributor which
> has prepared several security updates in the past?
A known contributor != unknown . I do trust people I work with on a
regular base. But having a passthrough contributor pushing security
stuff I don't trust in general.
All known contributors, motus and core-devs have a history, which I can
follow...this is what I mean with "trust more".
And with the Ubuntu Environment in general, giving out upload rights to
known contributors, we are showing to us and them that we trust those
people. I wonder if we still have this "you need at least one ubuntu
maintainer, debian maintainer who signed your gpg key" rule.
> I usually base my trust on experience in a specific field of that
> person, being it core-dev, MOTU or a (known) contributor (in general
> and not only limited to security updates).
That's what I mean...but there is a priority, even in your list ;) and
that's my priority list, too :)
> Right now I'd trust Emanuele more to prepare a good security update
> than myself.
+1 :)
\sh
More information about the Motu-council
mailing list