Giving upload rights to non-Ubuntu members
Scott Kitterman
ubuntu at kitterman.com
Thu Jul 25 01:42:48 UTC 2013
On Thursday, July 25, 2013 02:17:21 AM Mark Shuttleworth wrote:
> On 23/07/13 23:36, Iain Lane wrote:
> > I'm not sure what additional/different quality control would be
> > necessary. Is your concern that by not being Ubuntu members these folk
> > don't have skin in the game and therefore might be less careful in
> > their work in Ubuntu? I think that a necessary component of any
> > successful application to the DMB should be that the board satisfies
> > itself of the individual's technical competence and trustworthiness.
> > Beyond that, both members and non-members can screw up and we (the
> > developer community at large) would deal with either in the same way.
> > Cheers,
>
> Accepted that mistakes happen, and our governance should not aim for a
> false sense of security.
>
> My main thought was that we always want to ensure that there are active
> forces steering things in the right direction. My concern would be, if a
> person 'leads' a packageset and gives another person permission to
> upload, who then drifts away, that we may be vulnerable to a social
> attack if their keys were compromised. The Forums hack seems to have
> been exactly this - one admin gave another access years ago, and then
> that caused an issue today.

The packagesets where we thought we MIGHT make membership optional are not
ones related to the various flavors and none of them are ones that have
delegated authority to make people developers. There are packagesets that are
a matter of administrative convenience, e.g. instead of PPU for 5 related
packages, here's a small packageset that we'll let you upload to. For these
kinds of cases, PPU for X packages or create a packageset is only an
administrative difference.

As a practical matter, I expect this new option to primarily apply to Debian
developers that are somewhat interested in their packages in Ubuntu, but not
making a major commitment to it. If their keys get compromised we're in
trouble whether they have upload rights to Ubuntu or not.
Scott K