Ignoring the yellow star issue, there are a few implementation concerns/impossibilities with GLEP 41 in its current form.
For instance, the way GLEP 41 suggests doing r/o cvs is not going to work. It suggests using a single account and placing an SSH key for each arch tester in that account's ~/.ssh/authorized_keys file. There are no provisions for key management and I cannot see an easy way to handle it. It's easy to add new keys, but how do we clean out old keys for retired arch testers? (including arch testers that "retire" without ever informing us) SSH doesn't log key ID as near as I can tell, so we have no way of tracking what keys are used and how often. Also, how do we definitively correlate an SSH key with an arch tester? Now, the same question for email -- how do we manage aliases, especially for inactive, retired and semi-retired arch testers? We could track usage in logs, but between mailing list subscriptions, bugzilla notifications and all sorts of other automated emails, that's not an accurate representation of whether an email alias is actively used or not. I talked to Lance and neither he nor I were consulted about this GLEP and how feasible the implementation is. We both are quite concerned about the issues that I've outlined above as well as others. This isn't a "we're refusing to implement this GLEP" email, btw, though I'm sure some of you will take it as such. It is, however, a "we were never consulted regarding implementation details, so there are still issues that need to be worked out before this GLEP can go anywhere" email. --kurt
pgpG6shzxZqrg.pgp
Description: PGP signature
