How to go about building up trust?

Dave Neary dneary at redhat.com
Fri Jun 22 16:34:26 UTC 2012


Hi,

On 06/22/2012 02:45 PM, Dan Kenigsberg wrote:
> I am not aware of any other trick beyond building up reputation. Your
> personal involvement in the project goes a long way to prove that you
> indeed care for it.

The difficulty with something like access to servers is that if you 
don't have permission to do damage, you also can't do much good :)

How do you go from unknown and untrusted to known? In code, you get it 
by checking out the project, compiling it, making changes and submitting 
those changes for review.

In Maemo, all of the source code for the website was in revision 
control, and in theory someone could check it out and use a sample data 
dump to get something like the website working locally, and then create 
and propose patches against that. In reality, no-one really did that; 
our website was a little too complicated. But we still got things like 
CSS patches against the website.

With something like Puppet, we could conceivably publish all of the 
configuration files for services and ask for patches for new features - 
Wikipedia just opened up their infrastructure this way.

But really there's no substitute for giving someone (once you do a 
rudimentary check of their credentials) some server space where they 
can't do any harm to anyone else, and evaluate how they manage when 
administering a service that is under consideration. If we have the 
facilities to spin up half a dozen "test service" VMs, that would be 
perfect. Someone like Robert could administer some service (say, an 
alternative Gerrit install or whatever), and then the sysadmins could 
check out how it's set up, whether it scales, integrate it into any SSO 
set-up that's there, whatever.

> However, I do not know how to quantify how much reputation one would need to
> get a root access, a permission that is very easy to abuse and very hard
> to take away.
>
> Another important issue beyond trust is NEED. Do you really need full su
> access? I personally do not have such access, and have to ask
> for every little host tweak specifically.

That might be fine. There are a lot of things you can do without root 
access. Perhaps not without shell access :) I can't help thinking that 
some kind of sandbox which could be for staging new services or testing 
upgrades would be the ideal place to allow people to gain trust 
progressively - first by getting shell access and permissions to 
configure one service, for example, and eventually, as they need and 
earn it, root access.

Cheers,
Dave.

-- 
Dave Neary
Community Action and Impact
Open Source and Standards Team, Red Hat
Phone: +33 9 50 71 55 62




