[Pkg-javascript-devel] lots of requests to join pkg-javascript

Jonas Smedegaard jonas at jones.dk
Thu Jan 5 12:42:24 UTC 2017 

Quoting Ximin Luo (2017-01-05 12:53:00)
> Pirate Praveen:
>> On വ്യാഴം 05 ജനുവരി 2017 04:22 വൈകു, Jérémy Lal wrote:
>>> This is great, but is this serious ?
>>> Anyone knows what's happening ?

>> I'm taking a packaging workshop at College of Engineering Pune [1].
>> 
>> This is 4th day of the workshop and many have completed their packages
>> and are ready for upload.
>> 
>> https://lists.debian.org/debian-dug-in/2016/12/msg00001.html
>> 
>> Initially some sent requests before I told them to give details about
>> their package. So please approve if the information is complete.
>> 
>
> Hi, please don't add these people.
> 
> People in the alioth group have read-write access to all pkg-javascript git repos as well as shell access on that machine.
> 
> I don't think it's right to give this many people, who show up at an event, this level of access without any other requirement. It is too dangerous.
> 
> I have rejected these requests and removed these people until they package a second package *in their own spare time* outside of an event. In the meantime, they can push their packages on github, this is adequate for a sponsored upload to Debian.

I disagree with that approach, Ximian:

We do not in this team have any rules for membership that one must first 
prove her worth by packaging outside of Debian, not that they must use 
their spare time doing so!

I am concerned if people requesting to join are fully aware what it is 
they join, which is why I asked about that.  But I see nothing wrong 
with approving people we don't know well.

We must recognize that we have little security fencing the assets of 
this team, and treat them accordingly (double-check what you pull, sign 
changes you make, etc.).  Making it harder to join this team does *not* 
help secure our assets!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

More information about the Pkg-javascript-devel mailing list