Re: madison
On Tue, 17 Jul 2001, Anthony Towns wrote:
> The sponsor is, as far as Debian is concerned. S/He's the one we trust to
> ensure that upload doesn't contain trojans, and the one we can actually
> identify if we have any need to.
>
> Sponsorship is a gaping hole in our trust model.
Maybe sponsored packages go into a separate dist/, not sid/, but maybe
sponsors/? Oh, and we need to make absolutely sure no sponsored packages ever
get into testing.
Reply to:
- References:
- Re: madison
- From: Anthony Towns <aj@azure.humbug.org.au>