Hi I help maintain a couple of security-related packages in the pkg-auth- maintainers, pkg-sssd, pkg-xmpp-devel, oath-toolkit-help groups; gsasl, libntlm, globalplatform, uid/pam/socket/nss/priv-wrapper, shishi, gss, oath-toolkit, and maybe some more. Having all these different maintainer groups doesn't seem to serve a lot of purpose these days, and I discovered your pkg-security team which has a reasonable wiki page [1] with thoughts around collaborative maintainance. Are you open to adding (some of) these packages to the group? If so I would like to join as maintainer of this group and move the packages (as time permit) here. Do you have strong opinions to maintain packages in the salsa "debian" or "pkg-security-team" group? Is there anything important that is achieved by having debian packages in different groups on salsa? The only thing I can think of is to restrict write access through permission settings, but I wonder how much good that actually achieves. I don't know if there has been any historical problems with people doing bad things to salsa "/debian/" projects? That would be a mostly social issue anyway. I've been recommending the "debian" group for some new packages like lib25519, librandombytes, libcpucycles, libmceliece etc, which may also belong in this group. So if you don't strongly disagree, I would prefer to move the packages I mentioned above to the Debian-wide Salsa "debian" group but still use a 'Maintainers: pkg-security-tools' field to indicate collaborative group maintanenace and use this mailing list for bug reports etc. If I move packages on Salsa now, I would prefer to move to a group/URL that is more likely to be stable for the next 10-20 years, like /debian/, to avoid having to move them again in the future. Of course, I'm willing to reconsider if there are some strong reasons that I'm missing. I just don't see how /debian/ vs /pkg-security- tools/ on Salsa would make a huge difference. /Simon [1] https://wiki.debian.org/Teams/pkg-security
Attachment:
signature.asc
Description: This is a digitally signed message part