Giving upload rights to non-Ubuntu members
Mark Shuttleworth
mark at ubuntu.com
Thu Jul 25 01:17:21 UTC 2013
On 23/07/13 23:36, Iain Lane wrote:
> I'm not sure what additional/different quality control would be
> necessary. Is your concern that by not being Ubuntu members these folk
> don't have skin in the game and therefore might be less careful in
> their work in Ubuntu? I think that a necessary component of any
> successful application to the DMB should be that the board satisfies
> itself of the individual's technical competence and trustworthinesss.
> Beyond that, both members and non-members can screw up and we (the
> developer community at large) would deal with either in the same way.
> Cheers,
Accepted that mistakes happen, and our governance should not aim for a
false sense of security.
My main thought was that we always want to ensure that there are active
forces steering things in the right direction. My concern would be, if a
person 'leads' a packageset and gives another person permission to
upload, who then drifts away, that we may be vulnerable to a social
attack if their keys were compromised. The Forums hack seems to have
been exactly this - one admin gave another access years ago, and then
that'caused an issue today.
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/technical-board/attachments/20130725/25931810/attachment-0001.pgp>
More information about the technical-board
mailing list