Re: Transition to gnat-4.6
On Tue, Sep 27, 2011 at 11:41:04AM -0400, Stephen Leake wrote:
> >>> Any maintainer can make his package Build-Depend on gnat, or imitate
> >>> a shared library to fake whatever automatic test I can imagine.
> >>
> >> I think you are implying that Bad Things Can Happen if this rule is
> >> accepted; can you be more explicit?
> >>
> >> For example, how would a malicious DM get malicious code uploaded by
> >> this rule, that they can't do now?
> >
> > I think the danger that DM status prevents is that a malicious DM
> > hijack a package that they don't own. There are strict rules for
> > non-maintainer uploads; DMs simply cannot do NMUs. I think your
> > proposed rule would make it much easier for a DM to hijack a package
> > without a formal NMU, e.g. by renaming one of their binary packages to
> > a package that already exists.
>
> The proposed rule says the new name has to differ from the old name by
> only a number change, so I don't see how this is possible.

Allowing me to upload grub, mplayer, gcc-4.4, mpg123 is not the same
as allowing me to upload grub2, mplayer2, gcc-4.6, mpg321.

More generally, I could become a burden to the ftpmasters by uploading
too many packages in the NEW queue.