Re: Other Business - Debian audit

From: Stefano Zacchiroli <leader(at)debian(dot)org>
To: Robert Brockway <robert(at)spi-inc(dot)org>
Cc: SPI General List <spi-general(at)spi-inc(dot)org>, auditor(at)debian(dot)org
Subject: Re: Other Business - Debian audit
Date: 2012-07-24 10:19:39
Views: Raw Message | Whole Thread | Download mbox
Lists: spi-general

On Thu, Jul 12, 2012 at 11:40:19PM +1000, Robert Brockway wrote:
> Hi all. Debian is waiting on information from SPI to conclude an
> internal financial audit. The possibility of having Martin
> Michlmayr (debian auditor) work with Michael Schultheiss to complete
> this has been discussed in the past.
> I'm conscious of the workload expected of a treasurer. While
> Michael may need to complete some of the work, I believe quite a lot
> of it could be offloaded to someone who has the right access to the
> records.

Given the struggle we've been going through in Debian to get access to
our transaction records (still unsolved), I'd be totally in favor of
this. But of course I've some sort of conflict of interest in this,
given that I'm also Debian liaison at SPI. FWIW, I'd have no objection
if other projects hosted by SPI wish to have access to Debian
transactions, as they're meant (from the Debian POV at least) to be
fully public anyhow.

> As such, I suggest that at this point we appoint Martin Michlmayr as
> an assistant treasurer for a fixed period (say, 90 days) if he is
> still interested so that he can extract the information from the
> financial records that Debian needs.

To be more precise on this, Debian has as an auditor team, formed ATM by
two people: Martin Michlmayr and Martin Wuertele. They can both be
reached via the auditor(at)debian(dot)org (Cc:-ed) role address. We'd like to
get "role" access to Debian transaction, so that members of the team
could both get access to "our" data, without adding new SPOF, this time
on our side.

The Debian auditor team is pretty stable, so it'd be totally fine for us
to give nominal access to both Martin-s for the time being. But I guess
that giving one role access to the individual SPI projects that ask for
one could be a more scalable solution in the long run.

Thanks a lot for caring about this issue, Robert.
Stefano Zacchiroli zack(at){upsilon(dot)cc,,} . o .
Maître de conférences ...... ...... . . o
Debian Project Leader ....... @zack on ....... o o o
« the first rule of tautology club is the first rule of tautology club »


Browse spi-general by date

  From Date Subject
Next Message Michael Schultheiss 2012-08-09 17:56:21 Treasurer's Report as of 2012-07-31
Previous Message Robert Brockway 2012-07-12 13:40:19 Other Business - Debian audit