The level of trust required is immense. We’re talking about a position where you get the keys to the kingdom to a very large number of projects.
I would say that having roadie level access is equivalent to having access to Django core. I have never seen a recent Django project that isn’t pulling something from jazzband
Despite this I think it’s important to highlight that even in that world jazzband had a lot of infra so that projects could do things like releases cleanly and safely (we aren’t doing direct project releases to PyPI but going through jazzband infra to do the release). So release maintainers have a lot less access despite releases “coming from” Jazzband.
Yep trust was always the issue here really. Don’t blame Jannis at all for being super careful about that.
> The level of trust required
Maybe it could be mitigated by having some kind of council and requiring m out of n signatures to do anything?
I know that people on HN hate Bitcoin, so I'm always a bit wary to use it as an example.
But I think that in such cases having something similar to Bitcoin multisig could help.