[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Evolving away from source package realms

On Sun, Oct 16, 2022 at 01:06:23PM +0900, Charles Plessy wrote:
> Le Wed, Oct 12, 2022 at 12:14:35AM +0000, Scott Kitterman a écrit :
> > 
> > What fraction of security issues we've had in Debian do you think
> > narrower upload permissions would have prevented?
> 
> Exactly zero.  But my comment is not about the past, it is about the
> future.
> 
> I think that a proper risk assessment would be worth doing, an I also
> think that this mailing list is not a proper place for doing it, not
> because of secrecy but because of noise and lack of focus.  Discussing
> the conclusions here would of course be important.
> 
> On my side, I would be fine if my upload key would be restricted to the
> packages that me and my packaging team maintain.  I am very unlikely to
> need archive-wide privileges in the near future.

Being a frequent participant of a Bug Squashing Party and also general active
on sponsoring, restriction to upload privilieges will likely impair my ability to
contribute to Debian in this areas.

-- 
tobi
Reply to: