Re: Evolving away from source package realms
On Sun, Oct 16, 2022 at 01:06:23PM +0900, Charles Plessy wrote:
> Le Wed, Oct 12, 2022 at 12:14:35AM +0000, Scott Kitterman a écrit :
> >
> > What fraction of security issues we've had in Debian do you think
> > narrower upload permissions would have prevented?
>
> Exactly zero. But my comment is not about the past, it is about the
> future.
>
> I think that a proper risk assessment would be worth doing, an I also
> think that this mailing list is not a proper place for doing it, not
> because of secrecy but because of noise and lack of focus. Discussing
> the conclusions here would of course be important.
>
> On my side, I would be fine if my upload key would be restricted to the
> packages that me and my packaging team maintain. I am very unlikely to
> need archive-wide privileges in the near future.
Being a frequent participant of a Bug Squashing Party and also general active
on sponsoring, restriction to upload privilieges will likely impair my ability to
contribute to Debian in this areas.
--
tobi
Reply to: