RFC: FESCo Future
bugs.michael at gmx.net
Tue Apr 25 08:52:55 UTC 2006
On Tue, 25 Apr 2006 01:06:50 -0400, seth vidal wrote:
> On Mon, 2006-04-24 at 18:55 +0200, Michael Schwendt wrote:
> > On Sun, 23 Apr 2006 23:12:32 -0400, seth vidal wrote:
> > > Also how do we handle the issue of security in
> > > terms of the package-signing key during transitions? Clearly anyone
> > > outgoing shouldn't keep access to the key.
> > "Clearly"?
> > At present, not everybody in FESCO has access to the sign/push scripts or
> > the master repository. Access was granted based on an established level of
> > trust, wasn't it? If people in FESCO are replaced, do you really want to
> > throw away such an establishment? Wow! That's a step backwards IMO.
> I don't understand what you mean here. I think we've got some sort of
> Here's what I'm saying:
> we have N signers right now. At some point it is conceivable that one of
> the signers will stop working on the project. I do not mean anything
> about the people leaving FESCO - I mean about the people leaving the
> group of signers.
Okay. Your initial comment was in the context of "people leaving FESCO". You
called it "outgoing", with no clear reference to "people leaving the project
alltogether". Without membership in the extras_signers group, there is no
access to the key anymore anyway.
Here's the full context:
> > So, there are some members who want to leave FESCO at the moment. That is
> > fine. Thank them for their contributions and let them go. Then elect
> > enough members to make FESCO a governing body of 13. Then in 6 months,
> > those that were there already have their term up and you elect another half.
> At the risk of sounding pessmistic - do we have 7 new people who
> actually want the jobs? Also how do we handle the issue of security in
> terms of the package-signing key during transitions? Clearly anyone
> outgoing shouldn't keep access to the key.
More information about the fedora-extras-list