Request to join as new member

To: debian-security-tools@lists.debian.org
Subject: Request to join as new member
From: Simon Josefsson <simon@josefsson.org>
Date: Sat, 16 Dec 2023 11:33:03 +0100
Message-id: <[🔎] 3a1b678d5a65ab816d99a8f297f7e5294a8675d9.camel@josefsson.org>

Hi

I help maintain a couple of security-related packages in the pkg-auth-
maintainers, pkg-sssd, pkg-xmpp-devel, oath-toolkit-help groups; gsasl,
libntlm, globalplatform, uid/pam/socket/nss/priv-wrapper, shishi, gss,
oath-toolkit, and maybe some more.  Having all these different
maintainer groups doesn't seem to serve a lot of purpose these days,
and I discovered your pkg-security team which has a reasonable wiki
page [1] with thoughts around collaborative maintainance.

Are you open to adding (some of) these packages to the group?  If so I
would like to join as maintainer of this group and move the packages
(as time permit) here.

Do you have strong opinions to maintain packages in the salsa "debian"
or "pkg-security-team" group?  Is there anything important that is
achieved by having debian packages in different groups on salsa?  The
only thing I can think of is to restrict write access through
permission settings, but I wonder how much good that actually achieves.
I don't know if there has been any historical problems with people
doing bad things to salsa "/debian/" projects?  That would be a mostly
social issue anyway.

I've been recommending the "debian" group for some new packages like
lib25519, librandombytes, libcpucycles, libmceliece etc, which may also
belong in this group.

So if you don't strongly disagree, I would prefer to move the packages
I mentioned above to the Debian-wide Salsa "debian" group but still use
a 'Maintainers: pkg-security-tools' field to indicate collaborative
group maintanenace and use this mailing list for bug reports etc.  If I
move packages on Salsa now, I would prefer to move to a group/URL that
is more likely to be stable for the next 10-20 years, like /debian/, to
avoid having to move them again in the future.

Of course, I'm willing to reconsider if there are some strong reasons
that I'm missing.  I just don't see how /debian/ vs /pkg-security-
tools/ on Salsa would make a huge difference.

/Simon

[1] https://wiki.debian.org/Teams/pkg-security

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [RFS] scap-security-guide
Next by Date: RFS: New upstream release for ssldump (version 1.8)
Previous by thread: [RFS] scap-security-guide
Next by thread: RFS: New upstream release for ssldump (version 1.8)
Index(es):
- Date
- Thread