<div class="gmail_quote">On Mon, Sep 3, 2012 at 4:20 AM, Erik Hesselink <span dir="ltr"><<a href="mailto:hesselink@gmail.com" target="_blank">hesselink@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">I think that the eventual situation should have per-package uploaders.</div>
It just seems to dangerous for anyone to be able to upload any<br>
package, especially heavily-used ones.</blockquote><div><br></div><div>I think you underestimate the power of non-technical security measures. It's not been a problem in the past, and Debian allows any committer to upload any package.</div>
<div><br></div><div>The thing is, since we have an account approval process and that we have a full, public log of everything that everybody's uploaded, people are going to notice when somebody uploads something they shouldn't. We have accountability, unlike a typical FTP site or other mutable filesystem.</div>
<div><br></div><div>Also, remember Linus Torvald's justification for not having any commit bits in git; I think our situation is different but similar. If somebody does upload something they shouldn't, to what degree is it really a problem? Again, data is not lost, and we have accountability.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> On the other hand, I see little<br>
use for the global uploaders group. So I'd propose to eventually<br>
switch from the current situation, and have only per-package<br>
uploaders, and no global uploaders.</blockquote><div><br></div><div>As a LtU admin (something more of a nightclub bouncer, really), I dislike the current Hackage 2 user account process in a lot of respects. But the approval process has worked remarkably well for LtU, we haven't had a single spam message since requiring account approval before posting. (I hope I haven't failed to approve too many legitimate requests... but at the same time, if somebody really wants an account they can try again or contact Ehud.)</div>
<div><br></div><div>Also, we haven't had a single problem that I'm aware of on Ross Paterson's watch as bouncer for Hackage 1. The point I'm trying to make is that a technical solution imposes additional administrative and technical overhead whereas social processes can also be very effective while also handling corner cases more gracefully.</div>
<div><br></div><div>I've been working on a very rough sketch of a web application for the workflow I'd like to have in this account request/approval process. Hopefully I'll have some code to show soonish, but I have a lot on my plate this week.</div>
<div><br></div><div>Best,</div><div>Leon</div></div>