[Pkg-javascript-devel] lots of requests to join pkg-javascript
Jonas Smedegaard
jonas at jones.dk
Thu Jan 5 12:42:24 UTC 2017
Quoting Ximin Luo (2017-01-05 12:53:00)
> Pirate Praveen:
>> On വ്യാഴം 05 ജനുവരി 2017 04:22 വൈകു, Jérémy Lal wrote:
>>> This is great, but is this serious ?
>>> Anyone knows what's happening ?
>> I'm taking a packaging workshop at College of Engineering Pune [1].
>>
>> This is 4th day of the workshop and many have completed their packages
>> and are ready for upload.
>>
>> https://lists.debian.org/debian-dug-in/2016/12/msg00001.html
>>
>> Initially some sent requests before I told them to give details about
>> their package. So please approve if the information is complete.
>>
>
> Hi, please don't add these people.
>
> People in the alioth group have read-write access to all pkg-javascript git repos as well as shell access on that machine.
>
> I don't think it's right to give this many people, who show up at an event, this level of access without any other requirement. It is too dangerous.
>
> I have rejected these requests and removed these people until they package a second package *in their own spare time* outside of an event. In the meantime, they can push their packages on github, this is adequate for a sponsored upload to Debian.
I disagree with that approach, Ximian:
We do not in this team have any rules for membership that one must first
prove her worth by packaging outside of Debian, not that they must use
their spare time doing so!
I am concerned if people requesting to join are fully aware what it is
they join, which is why I asked about that. But I see nothing wrong
with approving people we don't know well.
We must recognize that we have little security fencing the assets of
this team, and treat them accordingly (double-check what you pull, sign
changes you make, etc.). Making it harder to join this team does *not*
help secure our assets!
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
More information about the Pkg-javascript-devel
mailing list