Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Development (http://www.linux-archive.org/debian-development/)
-   -   Changes to Debian Maintainer upload permissions (http://www.linux-archive.org/debian-development/706327-changes-debian-maintainer-upload-permissions.html)

Arno Tll 09-22-2012 09:56 AM

Changes to Debian Maintainer upload permissions
 
Hi,

On 22.09.2012 10:06, Ansgar Burchardt wrote:
> We are using this opportunity to clean up the "DM database" and will not
> convert any of the DMUA flags to the new format, but two months ought to
> be enough for any active DM to ensure their sponsor DDs have set the new
> permission.

please don't. This is not only to work out active DMs, but also a denial
of service attack against active DMs where their former sponsor is
unavailable or disappeared since then. It's not necessarily the DMs
fault, if he fails to get _someone else_ to send a "be-alive" message
within two months.


--
with kind regards,
Arno Tll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D

Gergely Nagy 09-22-2012 10:51 AM

Changes to Debian Maintainer upload permissions
 
Arno Tll <arno@debian.org> writes:

> On 22.09.2012 10:06, Ansgar Burchardt wrote:
>> We are using this opportunity to clean up the "DM database" and will not
>> convert any of the DMUA flags to the new format, but two months ought to
>> be enough for any active DM to ensure their sponsor DDs have set the new
>> permission.
>
> please don't. This is not only to work out active DMs, but also a denial
> of service attack against active DMs where their former sponsor is
> unavailable or disappeared since then. It's not necessarily the DMs
> fault, if he fails to get _someone else_ to send a "be-alive" message
> within two months.

I am sure that on the rare occassion where the DM faces this kind of
trouble, we will be able to find a suitable solution. I don't think
anyone wants to punish DMs, quite the contrary.

I do not think there is any need to worry, no active DM will be left
behind. So if any DM is having an issue along these lines, yell, and I
am sure some solution will be found.

(I can think of at least three solutions, and only one requires more
work from the DM, but results in that M turning into a D, which can also
be beneficial in the long run!)

--
|8]


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87zk4i5o0j.fsf@luthien.mhp">http://lists.debian.org/87zk4i5o0j.fsf@luthien.mhp

Paul Tagliamonte 09-22-2012 01:43 PM

Changes to Debian Maintainer upload permissions
 
On Sat, Sep 22, 2012 at 11:56:54AM +0200, Arno Trll wrote:
> Hi,
>
> On 22.09.2012 10:06, Ansgar Burchardt wrote:
> > We are using this opportunity to clean up the "DM database" and will not
> > convert any of the DMUA flags to the new format, but two months ought to
> > be enough for any active DM to ensure their sponsor DDs have set the new
> > permission.
>
> please don't. This is not only to work out active DMs, but also a denial
> of service attack against active DMs where their former sponsor is
> unavailable or disappeared since then. It's not necessarily the DMs
> fault, if he fails to get _someone else_ to send a "be-alive" message
> within two months.
>

OK, here's how I see this.

If any DM asks me to, and they can show they've made uploads (with
DMUA) before this announcement for that package, and that they've not
broken things in a gnarly gnarly way (and if their sponsor is VAC,
MIA or otherwise not here), I don't think I'd have any problem flipping
the bit back over.

Yes, even if I'd not have given them DMUA on my own.

In the end, being a DM comes down to *trust*.

They could (quite easily) break into a buildd / slave it out for evil.

Why should we assume the worst? Let's just lax the rules slightly if
they had DMUA and used it for requests for the next month or two.

We trust they are who they say they are, and if they show they've made
good decisions when uploading in the past, why not. It's easy to revoke
the commit bit.

My two cents :)

--
.'`. Paul Tagliamonte <paultag@debian.org>
: :' : Proud Debian Developer
`. `'` 4096R / 8F04 9AD8 2C92 066C 7352 D28A 7B58 5B30 807C 2A87
`- http://people.debian.org/~paultag

Gergely Nagy 09-22-2012 01:47 PM

Changes to Debian Maintainer upload permissions
 
Paul Tagliamonte <paultag@debian.org> writes:

> If any DM asks me to, and they can show they've made uploads (with
> DMUA) before this announcement for that package, and that they've not
> broken things in a gnarly gnarly way (and if their sponsor is VAC,
> MIA or otherwise not here), I don't think I'd have any problem flipping
> the bit back over.
>
> Yes, even if I'd not have given them DMUA on my own.

Yep, that is one of the solutions I mentioned earlier. Therefore, if a
DM does care, migrating to the new system is by all means possible, and
they have very little to do, they will not be punished for another
person's absence or mistake.

--
|8]


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87vcf65fvu.fsf@luthien.mhp">http://lists.debian.org/87vcf65fvu.fsf@luthien.mhp

Joachim Breitner 09-22-2012 10:56 PM

Changes to Debian Maintainer upload permissions
 
Hi,

Am Samstag, den 22.09.2012, 10:06 +0200 schrieb Ansgar Burchardt:
> During the FTPMaster meeting last week we have implemented the new
> interface for managing DM permissions[1].

very cool stuff, this makes DMs much more useful in teams with a large
amount of packages, thanks a lot!

Would it be possible to extend the syntax to specify lists of packages
not by name, but by Maintainer, e.g. pkg-haskell-maintainers@l.a.d.o?
Bonus points if such an assigment is expanded at dinstall time, so that
the statement “DM 1234 may upload all packages owned by this group”
stays up-to-date even if after new packages of this team have been
added?

(Of course this is just convenience and can already be achieved by a
small script that generates the list of packages.)

Greetings,
Joachim

--
Joachim "nomeata" Breitner
Debian Developer
nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata

Christian PERRIER 09-23-2012 06:06 AM

Changes to Debian Maintainer upload permissions
 
Quoting Gergely Nagy (algernon@madhouse-project.org):

> Yep, that is one of the solutions I mentioned earlier. Therefore, if a
> DM does care, migrating to the new system is by all means possible, and
> they have very little to do, they will not be punished for another
> person's absence or mistake.


I agree with that point of view. However, it would then be good to
point people whose uploads are rejected this way to a place where they
would have a good chance to get help restoring the situation (not sure
which place is best suited for that).

Guillem Jover 09-23-2012 07:14 AM

Changes to Debian Maintainer upload permissions
 
Hi!

On Sat, 2012-09-22 at 10:06:35 +0200, Ansgar Burchardt wrote:
> This new interface replaces the old DMUA field. The old field will stop
> working on the 24th of November 2012, from then on only packages
> explicitly granted upload permission to their DMs using the interface
> described here will pass the DM check.

Cool! I've now locally queued a patch removing support for the field
from dpkg, which will be included in the first 1.17.x version uploaded
(to experimental) after the date the field stops being honoured on the
archive side.

thanks,
guillem


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120923071432.GA18885@gaara.hadrons.org">http://lists.debian.org/20120923071432.GA18885@gaara.hadrons.org

Joerg Jaspert 09-23-2012 01:59 PM

Changes to Debian Maintainer upload permissions
 
On 12978 March 1977, Joachim Breitner wrote:

> Would it be possible to extend the syntax to specify lists of packages
> not by name, but by Maintainer, e.g. pkg-haskell-maintainers@l.a.d.o?

Not with the current setup. We have a m:n relation between DMs and
source packages. It's an interesting idea though, but then also not
really what DM is about.

The DM flag (and in future ACL) shows that one trusts that one DM to do
a good job on that one package. Extending it like "this DM may upload
all packages of [whateverbiglist]" is just wrong.

> (Of course this is just convenience and can already be achieved by a
> small script that generates the list of packages.)

Yeah, but please don't. Sillyness like "all of our team packages are
always for all DMs of us" is really working against the system, IMO.
If you want people to have upload rights for such large sets, make them
DD. DM is for people interested in small(er) style maintenance.

--
bye, Joerg
<_DeadBull_> ohne speicher, tastatur, mouse, pladde, monitor, also nur die
Hardware...


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87vcf4u9f8.fsf@gkar.ganneff.de">http://lists.debian.org/87vcf4u9f8.fsf@gkar.ganneff.de

Joachim Breitner 09-23-2012 03:49 PM

Changes to Debian Maintainer upload permissions
 
Hi,

Am Sonntag, den 23.09.2012, 15:59 +0200 schrieb Joerg Jaspert:
> The DM flag (and in future ACL) shows that one trusts that one DM to do
> a good job on that one package. Extending it like "this DM may upload
> all packages of [whateverbiglist]" is just wrong.
>
> > (Of course this is just convenience and can already be achieved by a
> > small script that generates the list of packages.)
>
> Yeah, but please don't. Sillyness like "all of our team packages are
> always for all DMs of us" is really working against the system, IMO.
> If you want people to have upload rights for such large sets, make them
> DD. DM is for people interested in small(er) style maintenance.

I wouldn’t say it is plain wrong; there are certainly exceptions. All
(library )packages by the DHG have identical packaging issues – if
someone is able to do a good job on one of them, he is able to do a good
job of all of them. Also, the real time-consuming work for us is when we
need to upload all >450 packages with no source change, or a trivial
one. I am certainly looking forward to distribute the load not only on
the DDs but also on the DMs.

Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata

Thomas Goirand 09-23-2012 04:26 PM

Changes to Debian Maintainer upload permissions
 
On 09/23/2012 11:49 PM, Joachim Breitner wrote:

Also, the real time-consuming work for us is when we
need to upload all>450 packages with no source change, or a trivial
one.

Someone assigned with such task as modifying (even trivially)
and uploading 450 packages should definitively be(come) a DD.

Thomas


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 505F384B.90703@debian.org">http://lists.debian.org/505F384B.90703@debian.org


All times are GMT. The time now is 05:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.