Giving upload rights to non-Ubuntu members

Scott Kitterman ubuntu at kitterman.com
Thu Jul 25 01:42:48 UTC 2013


On Thursday, July 25, 2013 02:17:21 AM Mark Shuttleworth wrote:
> On 23/07/13 23:36, Iain Lane wrote:
> > I'm not sure what additional/different quality control would be
> > necessary. Is your concern that by not being Ubuntu members these folk
> > don't have skin in the game and therefore might be less careful in
> > their work in Ubuntu? I think that a necessary component of any
> > successful application to the DMB should be that the board satisfies
> > itself of the individual's technical competence and trustworthinesss.
> > Beyond that, both members and non-members can screw up and we (the
> > developer community at large) would deal with either in the same way.
> > Cheers,
> 
> Accepted that mistakes happen, and our governance should not aim for a
> false sense of security.
> 
> My main thought was that we always want to ensure that there are active
> forces steering things in the right direction. My concern would be, if a
> person 'leads' a packageset and gives another person permission to
> upload, who then drifts away, that we may be vulnerable to a social
> attack if their keys were compromised. The Forums hack seems to have
> been exactly this - one admin gave another access years ago, and then
> that'caused an issue today.

The packagesets where we thought we MIGHT make membership optional are not 
ones related to the various flavors and none of them are ones that have 
delegated authority to make people developers.  There are packagesets that are 
a matter of administrative convenience, e.g. instead of PPU for 5 related 
packages, here's a small packageset that we'll let you upload to.  For these 
kinds of cases, PPU for X packages or create a packageset is only an 
adminstrative difference.  

As a practical matter, I expect this new option to primarily apply to Debian 
developers that are someone interested in their packages in Ubuntu, but not 
making a major commitment to it.  If their keys get compromised we're in 
trouble whether they have upload rights to Ubuntu or not.

Scott K



More information about the technical-board mailing list