[MPlayer-dev-eng] [RFC] roots duties and rights

Luca Barbato lu_zero at gentoo.org
Mon Oct 11 14:09:42 CEST 2010


On 10/11/2010 01:23 PM, Michael Niedermayer wrote:
> Hi
>
> Attila asked me to start a discussion about what duties and rights root should
> have.
> What things people have to provide for the various requests. What they expect
> from root and so on.
>
> also please keep both ML in the CC in case of replies

> Heres a quick dump of /dev/brain
> Duties:
> * Keep the system running smoothly so all "users" can do their work.
>    -Keep the system secure so its not hacked
>    -Recognize problems early and take preemtpive action, aka a mail to
>     the MLs with "we only have 100 mb space left in incoming" for example
>    -Replace hardware when it fails, search for possible donations on ML/IRC
>     ask the foundation to fund hw where needed.
>    -Install security updates quickly
>    -Make regular backups and store them off site, keep past backups so
>     undetected corruption does not make them useless
> * Do all the administrative things that normal users dont have the right to
>    and that havnt been delegated to volunteers.
>    - Create mailinglists that are related to the project when requested by the
>      project leader
>    - Open and Close SVN/GIT accounts if requested by the project leader (root can
>      not reject such requests)
>    - Install software that is requested by project members for their work with
>      the FOSS projects
>    - Open SSH accounts for project members when their FOSS-project related work
>      needs such account
>    - help with forgotten passwords after the user proofes his identity
>    - Root shall attempt to work on requests approximately in order and not ignore
>      requests for months
>    - Root shall in case of ambiguity of a request ask instead of guessing.
> * Have plans in place for total hardware failure (fire / earthquake / ...)
> * Have plans in place for the system being successfully hacked
> * Root must not involve itself deeply in any of the hosted projects, that is
>    to ensure roots impartiality and avoid conflict of interest
>    This conflict of interest exists both in form of making decisions as root
>    to favor ones personal preference in a project. As well as participating
>    in project internal discussions while implicating ones authority.
> * Each project shall have its own incoming directory and who has access to
>    move and delete files from this directory shall be the project leaders
>    decission. Its each projects duty to move files out of there.
> * Root must have public GPG keys and they must be published where users can
>    easily find them. These keys checksums must be available in SVN/GIT of the
>    hosted projects so that people who work with the code have means to verify
>    roots (and the developers) public GPG keys.
> * Root must before expiration of the previous SSL key either generate SSL keys
>    signed by an upstream CA or put self signed SSL keys signed with their
>    gpg key on the webpage and ML
>
>
> Rights:
> -Reject software installation when there is risk to the security or stability
>   of the server
> -Root may resign, in which case new candidates shall be found and a vote
>   amongth all developers who had write access prior to the resignation shall be
>   held. The project leader of each project has a veto right against candidates.
>   This veto right is necessary as root is a service provider and not a power
>   position and if one asks for candidates for root the most power hungry people
>   in the projects come forward. And it is also important that root is trusted
>   by all, more so than root being the one with the prettiest face.
> -Like everyone root can be busy with family, military, jail, girls, pizza,
>   flamewar
>   in which case it is understood that root cannot attend to their duties for a
>   while. But its expected that the roots at least try to have 1 person of them
>   reachable by some means of communication within reasonable time intervals
>   who has then some kind of internet access within reasonable distance in case
>   of emergencies.
> -Root may close an account if
>   -(ssh) the account appears unused since a long time and the user doesnt
>          awnser email/ML. For project specific accounts like SVN/GIT the project
>          leader makes the decision about closing.
>   -(any) There is reason to believe that the account is used by someone else
>          than the intended user without his agreement and knowledge.
>   -(any) The account is used for criminal or malicious activity
>   -Root shall if there is no immedeate danger and there is doubt about the
>    malliciousness of someones activities try to contact that person before
>    account closure to confirm that there really is no misunderstanding and a
>    legitimate intent.
> -Root may temporary disable any service if its misbehaving in a way
>   that causes harm like a ML sending hundreads of mails, ftp being used for
>   warez, ...
> -Root may ban any IP, IP range if accesses from these ranges have happened
>   that cause unreasonable stability, security or bandwidth issues.
> -Root may reject requests that are unrelated to the FOSS project from which
>   the request is made. Root of course should not unreasonable do so but be
>   nice unless there is a reason to reject (like bandwidth, space, time ...)
>   root should elaborately explain such rejections to the requesting user
> -Root may reject any request that is missing needed information, that is
>   root does not have to go hunting missing details that the user should have
>   provided.
> -Root may delegate any work/rights to other people of roots choice but root is
>   fully responsible for that persons actions. Such delegations must be made public.
>   root may revoke any such delegation without specifying reasons at any time.
>
>
> Duties of the users
> -If the user has reason to belive that ones pland action could affect other
>   users or the stability or security of the system then he should contact the
>   public mailinglists or root first and or the affected users if its just one
>   user.
> -Shared files (like incoming and samples) should not be moved or deleted
>   without prior public dicsussion on the mailinglists
> -Users shall try to provide all information root needs when making requests
>   -For Mailing list creation ML name and ML admin email are needed
>   -For creating of SSH accounts a public SSH key and wanted username must be
>    submited by secure means
>   -For recovering a forgotten password proof of identity and the username is
>    needed

Given the current list of roles and duties, I found missing the part 
regarding "Leader" and other side roles, given the current discontent 
among volunteers, it might be useful state them as well.

Leader:
- He is a developer, thus ALL the developer rules apply to him
- During discussions if the outcome is uncertain he has the last word.
- He can ask root to do administrative tasks (e.g. manage accounts)

Maintainer:
- He is a developer, thus ALL the developer rules apply to him
- During discussions regarding his area of influence, he has the last word.
- If the Leader and the Maintainer during discussion cannot agree, the 
Maintainer decision takes precedence.
- You can have a hierarchy of Maintainers (e.g. libavcodec -> single codec)

Developer:
- He has commit access to the common trees
- He can be a Maintainer for a specific area of the project
- He can be the Leader for the project
- He agrees to respect the project policies and rules.
- He proposes patches or patchsets that are approved either by the 
Maintainer or the Leader

Agreement Not Reached:
- The discussion lasts more than a week w/out a definite outcome.

Leader and Maintainer roles are agreed by the whole group of developers.

Key ideas: the Leader is a primus inter pares, so the Maintainer within 
his area, Leaders and Maintainers should strive to not to stomp over 
fellow Developers. Root are developers with more duties. A Release 
Officer is a Maintainer. The Maintainer is assumed to have a deeper 
expertise than the Leader within his specific field, thus his opinion 
wins if agreement could not be reached.

lu

-- 

Luca Barbato
Gentoo/linux
http://dev.gentoo.org/~lu_zero



More information about the MPlayer-dev-eng mailing list