How to go about building up trust?

Karsten 'quaid' Wade kwade at redhat.com
Fri Jun 22 17:51:25 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/22/2012 05:45 AM, Dan Kenigsberg wrote:
> On Thu, Jun 21, 2012 at 05:00:31PM -0400, Robert Middleswarth
> wrote:
>> Sorry I forgot to include the subject line?
>> 
>> On 06/21/2012 04:57 PM, Robert Middleswarth wrote:
>>> A few months ago It was asked on infra@ about how the group
>>> should go about building up trust so you all would feel
>>> comfortable handing out e.g. ssh and sudo access to servers.
>>> Since there is someone activity (me) asking seeking to help and
>>> would need that access I guess this is a good time to bring up
>>> the question again.
> 
> I am not aware of any other trick beyond building up reputation.
> Your personal involvement in the project goes a long way to prove
> that you indeed care for it.

The model I started following initially here is from Fedora
Infrastructure, where they start new contributors with:

* Addition to nagios monitoring system aka firehose of system alerts
that clues you in to what things happen, what you might be able to fix.
* ssh access to the bastion host.
* ssh access to the server group you are interested in - build system,
web servers, etc. - but no sudo access.
* View in to configs in Puppet.

With that a competent person can prove competency, not do any harm,
not see anything secret, but be able to diagnose and offer solutions
(even patches).

I've imagined us doing something similar here, but it will take some
effort to get that in place. Splitting services up will help. Itamar
and I are working with Red Hat IT to get more VMs in a few months,
primarily for Jenkins hosts, but I want a few to do a proper split of
our infra from all-in-one-kitchen-sink. :)

> However, I do not know to quantify how much reputation would one
> need to get a root access, a permission that is very easy to abuse
> and very hard to take away.
> 
> Another important issue beyond trust is NEED. Do you really need
> full su access? I personally do not have such an access, and have
> to ask for every little host tweak specifically.

The topic is less about how to serve the developer needs, who should
just be able to ask infra@ or a ticket system.

This topic is about how to build up trust toward more access and
ability to affect change for people who are interested in taking
responsibility for oVirt's infrastructure.

- - Karsten
- -- 
Karsten 'quaid' Wade, Sr. Analyst - Community Growth
Red Hat Open Source and Standards (OSAS)
http://TheOpenSourceWay.org
@quaid (identi.ca/twitter/IRC) | gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFP5LCd2ZIOBq0ODEERAiZ9AJ0cJJ7qgW/DBm5RdhcE9K1v7msnbACgghxK
jy6Z7xGxT/IPuXZzWGFIgqE=
=XDJe
-----END PGP SIGNATURE-----

More information about the Infra mailing list