Discussing the DMUP
Hi,
I was looking at the Debian Machine usage policy (to be found
at <URL:http://www.debian.org/devel/dmup>), and found a number of
glaring flaws and omissions. More ominously, I think that unlike the
constitution, the DMUP places uncontrolled power into the hands of
the DSA, with no checks on the use of these powers.
I think it needs a rewrite, and one that should go through a
better review process than the current one did. An document that
determines the rulkes and penalties that the developer community has
to live by should noit be decided by a small group of people; this
needs ratification by the whole project.
I am dismayed that that was not considered necessary.
Also, there is no accountability delineated in this document;
there are poweres, but no penalties for the abuse of those powers
(unlike transgressions by mere mortals, the penalties for those are
stated up front.
I think we need a rewrite, from the ground up, in full view,
and full ratification of the developer community.
Here are a few shortcoming that I found to shore up the above
statements:
1)
This document contains two parts: policies and
guidelines. The rules in the policies are binding
and may not be violated. The guidelines specify rules
that may be violated if necessary but we would rather
one did not.
Incidentally, there are no guidelines. This whole document seems
incomplete, hurriedly foisted onto us, without even a minimal proof
reading.
2)
Don't by any wilful, deliberate, reckless or unlawful
act interfere with the work of another developer or
jeopardize the integrity of data networks, computing
equipment, systems programs, or other stored
information.
I violate this every time I use ppp. Or sue an editor to write
code that just happens to be buggy. Or delete files. What is missing
is the word unauthorized, obviously. Authorized disruption of
intergrity of data networks should be perfectly fine, espescially
when I own that network segment.
3)
1.Privilege
Access to Debian Facilities is a privilege, not a right
or a commercial service, and we reserve the right to
revoke this privilege at any time, without prior
notice. An explanation will be given within 48 hours.
If we here is the admin team, this paragraph gives the team an
right to revoke any access, whether or not the trms of the DMUP were
violated. All is required is an explanation (note, as written, the
explanation could be anything at all; no explicit mention is made of
what could lead to such a revocation).
I find no rationale for this. At the very least, this should
explain who ``we'' are; If ``we'' is the Project as a whole, this
makes sense, if ``we'' is just the DSA member, this is too much power
with too little checks (I am told that the DPL can fire the DSA
member and order a unrevocation, but why this granting of power in
the first place?).
The DMUP needs to clearly delineate what class of activities can
cause such an actin to be taken, and who is authorized to reach that
decision (The DPL alone, a general resolution, the NM team, etc).
I think that revoking accounts when the DMUP has not been
violated should require the approval of the developer community as a
whole.
4)
There seem to be some strange restrictions. For example:
Debian does not have any Usenet news servers. It may be that
some of the Debian machines have access to such a news server,
but their use through Debian machines is strictly forbidden.
Why is using a newreader on Debian machines strictly
forbidden? (Incidentally, on IRC, Jason and AJ insist that the
paragraph above explicitly allows access to usenet servers, and they
say the intent was not to forbid access. Not being a teleapth, I took
the policy document at its word, and if indeed the intent was not to
prohibit, this error needs be corrected. If the intent is to restrict
access. why?)
6)
2.The offender will be required to contact the
Debian Systems Administration and convince
us that there will be no further breaches of the
DMUP by the offender.
This should be the developer community, or perhaps the NM team,
not just the DSA. Indeed, I think that the full community should be
involved, there is no need to keep this behind closed doors.
7)
Branden> The DMUP does not address at what point the NM team and/or DPL are
Branden> involved in the process of determining the disciplinary action to be
Branden> taken once a possible offense has come to the project's attention.
Branden> I presume it is the resposibility of the DSA to enforce measures
Branden> relating to logins and accounts, and the NM team regarding key
Branden> management, but none of this is spelled out in the DMUP.
8)
Branden> The DMUP takes an adversarial stance towards the people who
Branden> are expected to abide by it. That is destructive to our
Branden> spirit of community.
manoj
--
The human animal differs from the lesser primates in his passion for
lists of "Ten Best". Allen Smith
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: