On Tue, 25 Apr 2006 01:06:50 -0400, seth vidal wrote: > On Mon, 2006-04-24 at 18:55 +0200, Michael Schwendt wrote: > > On Sun, 23 Apr 2006 23:12:32 -0400, seth vidal wrote: > > > > > Also how do we handle the issue of security in > > > terms of the package-signing key during transitions? Clearly anyone > > > outgoing shouldn't keep access to the key. > > > > "Clearly"? > > > > At present, not everybody in FESCO has access to the sign/push scripts or > > the master repository. Access was granted based on an established level of > > trust, wasn't it? If people in FESCO are replaced, do you really want to > > throw away such an establishment? Wow! That's a step backwards IMO. > > I don't understand what you mean here. I think we've got some sort of > miscommunication. > > Here's what I'm saying: > > we have N signers right now. At some point it is conceivable that one of > the signers will stop working on the project. I do not mean anything > about the people leaving FESCO - I mean about the people leaving the > group of signers. Okay. Your initial comment was in the context of "people leaving FESCO". You called it "outgoing", with no clear reference to "people leaving the project alltogether". Without membership in the extras_signers group, there is no access to the key anymore anyway. Here's the full context: > > So, there are some members who want to leave FESCO at the moment. That is > > fine. Thank them for their contributions and let them go. Then elect > > enough members to make FESCO a governing body of 13. Then in 6 months, > > those that were there already have their term up and you elect another half. > > At the risk of sounding pessmistic - do we have 7 new people who > actually want the jobs? Also how do we handle the issue of security in > terms of the package-signing key during transitions? Clearly anyone > outgoing shouldn't keep access to the key. -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
